Windows Analysis Report
tO8laPAv1k.exe

Overview

General Information

Sample name: tO8laPAv1k.exe (renamed because original name is a hash value)
Original sample name: a605b2e7e9e9da0bf74726d132b18800e81b36d2a8e6ffcc35f428a5d0e7aadf.exe
Analysis ID: 1576976
MD5: 8046eee34b90a417ac4ee92408958f89
SHA1: 1901fb1665abda5de29a8f4e64c0c5271e560431
SHA256: a605b2e7e9e9da0bf74726d132b18800e81b36d2a8e6ffcc35f428a5d0e7aadf
Tags: 104-161-43-18Compilazioneprotetticopyrightexeuser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files to the document folder of the user
Drops large PE files
Injects a PE file into a foreign processes
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • tO8laPAv1k.exe (PID: 1196 cmdline: "C:\Users\user\Desktop\tO8laPAv1k.exe" MD5: 8046EEE34B90A417AC4EE92408958F89)
    • tO8laPAv1k.exe (PID: 2368 cmdline: "C:\Users\user\Desktop\tO8laPAv1k.exe" MD5: 8046EEE34B90A417AC4EE92408958F89)
      • svchost.exe (PID: 1880 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • fontdrvhost.exe (PID: 5224 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
          • WerFault.exe (PID: 1312 cmdline: C:\Windows\system32\WerFault.exe -u -p 5224 -s 64 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 3684 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 428 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
{"C2 url": "https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8"}
Source | Rule | Description | Author | Strings
00000001.00000003.1935422331.00000000007A0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000003.00000003.1942949955.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000001.00000003.1938671471.0000000002F80000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000003.00000003.1949821359.00000000052A0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000003.00000003.1950028534.00000000054C0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
Source | Rule | Description | Author | Strings
3.3.svchost.exe.52a0000.0.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
1.3.tO8laPAv1k.exe.2f80000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
1.3.tO8laPAv1k.exe.2d60000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
3.3.svchost.exe.54c0000.7.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
1.3.tO8laPAv1k.exe.2f80000.7.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

                      System Summary

                      Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\tO8laPAv1k.exe, ProcessId: 1196, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PerfectouinVans
                      Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\tO8laPAv1k.exe", ParentImage: C:\Users\user\Desktop\tO8laPAv1k.exe, ParentProcessId: 2368, ParentProcessName: tO8laPAv1k.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 1880, ProcessName: svchost.exe
                      Source: Process started, Author: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\tO8laPAv1k.exe", ParentImage: C:\Users\user\Desktop\tO8laPAv1k.exe, ParentProcessId: 2368, ParentProcessName: tO8laPAv1k.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 1880, ProcessName: svchost.exe
                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2024-12-17T20:18:30.653870+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 104.161.43.18 | 2845 | 192.168.2.4 | 49731 | TCP

                      AV Detection

                      Source: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8"}
                      Source: tO8laPAv1k.exe, ReversingLabs: Detection: 57%
                      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability

                      Compliance

                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe, Unpacked PE file: 0.2.tO8laPAv1k.exe.2250000.2.unpack
                      Source: tO8laPAv1k.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: tO8laPAv1k.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: Binary string: wkernel32.pdb source: tO8laPAv1k.exe, 00000001.00000003.1938130711.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1938207940.0000000002E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949558805.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949637111.00000000053C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: tO8laPAv1k.exe, 00000001.00000003.1938484288.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1938671471.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949821359.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1950028534.00000000054C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: tO8laPAv1k.exe, 00000001.00000003.1937010956.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1936792842.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948407121.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948593625.0000000005490000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: tO8laPAv1k.exe, 00000001.00000003.1937381159.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1937604264.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949358396.0000000005440000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948902397.00000000052A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb`Il source: tO8laPAv1k.exe, PerfectouinVans.exe.0.dr
                      Source: Binary string: ntdll.pdbUGP source: tO8laPAv1k.exe, 00000001.00000003.1937010956.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1936792842.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948407121.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948593625.0000000005490000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: tO8laPAv1k.exe, 00000001.00000003.1937381159.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1937604264.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949358396.0000000005440000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948902397.00000000052A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: tO8laPAv1k.exe, 00000001.00000003.1938130711.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1938207940.0000000002E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949558805.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949637111.00000000053C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: tO8laPAv1k.exe, 00000001.00000003.1938484288.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1938671471.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949821359.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1950028534.00000000054C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb source: tO8laPAv1k.exe, PerfectouinVans.exe.0.dr
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,0_2_00411150
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,0_2_004631F0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,0_2_0045A7D0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00462F00 FindFirstFileW,FindClose,0_2_00462F00
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,1_2_00411150
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,1_2_004631F0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,1_2_0045A7D0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_00462F00 FindFirstFileW,FindClose,1_2_00462F00
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp9_2_000002838C430511

                      Networking

                      Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.161.43.18:2845 -> 192.168.2.4:49731
                      Source: C:\Windows\SysWOW64\svchost.exe, Network Connect: 104.161.43.18 2845
                      Source: Malware configuration extractor, URLs: https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8
                      Source: global traffic, TCP traffic: 192.168.2.4:49731 -> 104.161.43.18:2845
                      Source: Joe Sandbox View, IP Address: 104.161.43.18
                      Source: Joe Sandbox View, ASN Name: IOFLOODUS
                      Source: unknown, TCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: tO8laPAv1k.exe, PerfectouinVans.exe.0.drString found in binary or memory: http://www.glarysoft.com/goto.php?a=upgradetopro&s=DiskDefrag340100134010023401003340100434010053401
                      Source: svchost.exe, 00000003.00000002.2037195904.0000000002AFC000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2037503082.000000000310C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000009.00000002.2535426118.000002838C430000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8
                      Source: svchost.exe, 00000003.00000002.2037503082.000000000310C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000009.00000002.2535426118.000002838C430000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8kernelbasentdllkernel32GetProcessMitigatio
                      Source: svchost.exe, 00000003.00000002.2037195904.0000000002AFC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8x
                      Source: svchost.exe, 00000003.00000003.1966944884.00000000031A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: svchost.exe, 00000003.00000003.1966944884.00000000031A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: tO8laPAv1k.exe, 00000001.00000003.1938484288.0000000002D60000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_30bfe8a1-8
                      Source: tO8laPAv1k.exe, 00000001.00000003.1938484288.0000000002D60000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_1399fcbb-5
                      Source: Yara matchFile source: 3.3.svchost.exe.52a0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.3.tO8laPAv1k.exe.2f80000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.3.tO8laPAv1k.exe.2d60000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.svchost.exe.54c0000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.3.tO8laPAv1k.exe.2f80000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.svchost.exe.52a0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.svchost.exe.54c0000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.svchost.exe.52a0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000001.00000003.1938671471.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1949821359.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1950028534.00000000054C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000003.1938484288.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: tO8laPAv1k.exe PID: 2368, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 1880, type: MEMORYSTR

                      System Summary

                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe, File dump: PerfectouinVans.exe.0.dr 979567347
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00447A78 NtQueryDefaultLocale,0_2_00447A78
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00447B66 NtQueryDefaultLocale,0_2_00447B66
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00447C60 NtQueryDefaultLocale,0_2_00447C60
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00447E50 NtQueryDefaultLocale,0_2_00447E50
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_000002838C431AA4 NtAcceptConnectPort,NtAcceptConnectPort,9_2_000002838C431AA4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_000002838C431CF4 NtAcceptConnectPort,CloseHandle,9_2_000002838C431CF4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_000002838C4315C0 NtAcceptConnectPort,9_2_000002838C4315C0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_000002838C430AC8 NtAcceptConnectPort,NtAcceptConnectPort,9_2_000002838C430AC8
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00460070: DeviceIoControl,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_00460070
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_0041E0F0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_2_0041E0F0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: String function: 00474096 appears 394 times
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: String function: 005FCD90 appears 33 times
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: String function: 0040AC20 appears 36 times
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: String function: 0044E7B0 appears 44 times
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: String function: 0040AB60 appears 32 times
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 428
                      Source: tO8laPAv1k.exeBinary or memory string: OriginalFilename vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDiskDefrag.exe@ vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000000.00000000.1775154537.0000000000499000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDiskDefrag.exe@ vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000000.00000002.2022650463.0000000002299000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000000.00000002.2022863320.0000000002400000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDiskDefrag.exe@ vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1936792842.0000000002ED8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1938130711.0000000002D60000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1941080400.0000000000619000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1937604264.000000000302D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1938484288.0000000002D60000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1938671471.0000000003161000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1937381159.0000000002E83000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1938130711.0000000002DF2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000000.1925067278.0000000000499000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDiskDefrag.exe@ vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1938207940.0000000002ED0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1937010956.00000000030D6000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1938207940.0000000002E80000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exe, 00000001.00000003.1935667413.0000000000619000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exeBinary or memory string: OriginalFilenameDiskDefrag.exe@ vs tO8laPAv1k.exe
                      Source: tO8laPAv1k.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@0/1
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_0041E0F0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00419CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,0_2_00419CF0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00419D90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,CloseHandle,0_2_00419D90
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_2_0041E0F0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_00419CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,1_2_00419CF0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_00419D90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,CloseHandle,1_2_00419D90
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00463750 GetDiskFreeSpaceW,0_2_00463750
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_004197C0 LoadBitmapW,CoInitialize,CoCreateInstance,CoUninitialize,CoSetProxyBlanket,CoUninitialize,CoUninitialize,VariantInit,VariantClear,VariantClear,VariantClear,CoUninitialize,0_2_004197C0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_0041B4B0 OpenSCManagerW,OpenServiceW,CloseServiceHandle,QueryServiceStatus,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceW,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,0_2_0041B4B0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe File created: C:\Users\user\Documents\Perfectouin
                      Source: C:\Windows\SysWOW64\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-d4daedc7-d45f-905ab4-2729bc7b69fc}
                      Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5224
                      Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\eb7f9795-b5df-4b86-8787-bd2c401efdc5
                      Source: tO8laPAv1k.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: tO8laPAv1k.exeReversingLabs: Detection: 57%
                      Source: tO8laPAv1k.exeString found in binary or memory: -InstallNative
                      Source: tO8laPAv1k.exeString found in binary or memory: H{4391F12D-936B-4037-9383-DCB800DF7B65}chs-NewInstallNative-UninstallNative-InstallNativeSeBackupPrivilegeSeRestorePrivilegeText_ColorSelect_ColorFoucs_ColorFrame_Color-BootTimeDefrag{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}SYSTEM\CurrentControlSet\services\BootDefrag\DiskDefrag%SystemRoot%chbStartAutomaticallyOnLogonDiskDefrag\Setting Option\GereralDisk Speedup\DiskDefrag.exeDisk Speedup Initialization-autorunMinimizeToTrayShowBalloonchbMultithreadingchbStopVssDefragNTFSVSSColorIndexDiskDefrag\Setting Option\Gereral\DefragColorchbFrageMentsSmallerDiskDefrag\Setting Option\DefragcbbFrageMentsSmallerchbFileFragementAmountcbbFileFragementAmountchbFileLargercbbFileLargerchbFileSmallercbbFileSmallerCleanupTipCleanupTypeCheckDefragCPUIdleDiskDefrag\AutoDefragmentionCPUIdleTimeCheckPauseCPUUsageCPUUsageExceedAutoDefragDrivers1DefragmentedFilesLastDefragmentionCheckRunScheduleDiskDefrag\RunSheduleSheduleActionFrequencyWeekDayDayHourSheuldeDrivers\%d3400002ScheduleStartchbMoveLargeFilesDiskDefrag\Setting Option\OptimizechbMimiFileSizecbbFileSizechbNotAccesInLastchbFileInRecylechbFileInSelectedDiskDefrag\Setting Option\Optimize\OptimizeList3403001*.zip, *.rar3403002*.avi,*.mpg,*.mpeg,*.mov,*.mkv,*.mp3,*.mp4,*.wmv3403003*.iso,*.binDiskDefrag\Setting Option\ExcludeDefragFinishRingtone3402075DiskDefrag\SSDchbStopDefragInBatterySeShutdownPrivilegePowrProf.dllSetSuspendStatempegvideo%s/n
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe File read: C:\Users\user\Desktop\tO8laPAv1k.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\tO8laPAv1k.exe "C:\Users\user\Desktop\tO8laPAv1k.exe"
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeProcess created: C:\Users\user\Desktop\tO8laPAv1k.exe "C:\Users\user\Desktop\tO8laPAv1k.exe"
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 428
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5224 -s 64
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Section loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Section loaded: msimg32.dll
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Section loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Section loaded: winmm.dll
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Section loaded: k7rn7l32.dll
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Section loaded: ntd3ll.dll
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Section loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: amsi.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: profapi.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: version.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: uxtheme.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: powrprof.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: umpdc.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mswsock.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: tO8laPAv1k.exeStatic file information: File size 1862656 > 1048576
                      Source: tO8laPAv1k.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x130800
                      Source: tO8laPAv1k.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: tO8laPAv1k.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: tO8laPAv1k.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: tO8laPAv1k.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: tO8laPAv1k.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: tO8laPAv1k.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: tO8laPAv1k.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: tO8laPAv1k.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: wkernel32.pdb source: tO8laPAv1k.exe, 00000001.00000003.1938130711.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1938207940.0000000002E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949558805.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949637111.00000000053C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: tO8laPAv1k.exe, 00000001.00000003.1938484288.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1938671471.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949821359.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1950028534.00000000054C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: tO8laPAv1k.exe, 00000001.00000003.1937010956.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1936792842.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948407121.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948593625.0000000005490000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: tO8laPAv1k.exe, 00000001.00000003.1937381159.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1937604264.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949358396.0000000005440000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948902397.00000000052A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb`Il source: tO8laPAv1k.exe, PerfectouinVans.exe.0.dr
                      Source: Binary string: ntdll.pdbUGP source: tO8laPAv1k.exe, 00000001.00000003.1937010956.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1936792842.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948407121.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948593625.0000000005490000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: tO8laPAv1k.exe, 00000001.00000003.1937381159.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1937604264.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949358396.0000000005440000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1948902397.00000000052A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: tO8laPAv1k.exe, 00000001.00000003.1938130711.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1938207940.0000000002E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949558805.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949637111.00000000053C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: tO8laPAv1k.exe, 00000001.00000003.1938484288.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1938671471.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1949821359.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1950028534.00000000054C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb source: tO8laPAv1k.exe, PerfectouinVans.exe.0.dr

                      Data Obfuscation

                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeUnpacked PE file: 0.2.tO8laPAv1k.exe.2250000.2.unpack
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_004150A0 GetModuleHandleW,LoadLibraryW,GetProcAddress,0_2_004150A0
                      Source: tO8laPAv1k.exeStatic PE information: real checksum: 0xf661c should be: 0x1c7abf
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_0050E58E push ecx; ret 0_2_0050E5A1
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00473991 push ecx; ret 0_2_004739A4
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_0060B86D push ebx; ret 1_3_0060B864
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_0060A840 push ebp; retf 1_3_0060A841
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_0060E83C pushad ; ret 1_3_0060E841
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_0060E80E push eax; iretd 1_3_0060E81D
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_0060A0F9 push FFFFFF82h; iretd 1_3_0060A0FB
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_0060D8A0 push 0000002Eh; iretd 1_3_0060D8A2
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_00608904 push ecx; ret 1_3_00608917
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_0060B1DD push eax; ret 1_3_0060B1DF
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_0060E586 pushad ; retf 1_3_0060E599
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_00609F6A push eax; ret 1_3_00609F75
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_3_0060B70B push ebx; ret 1_3_0060B864
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_00473991 push ecx; ret 1_2_004739A4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B358BC pushad ; ret 3_3_02B358C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B3588E push eax; iretd 3_3_02B3589D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B328ED push ebx; ret 3_3_02B328E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B318C0 push ebp; retf 3_3_02B318C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B36012 push 00000038h; iretd 3_3_02B3601D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B35606 pushad ; retf 3_3_02B35619
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B3225D push eax; ret 3_3_02B3225F
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B3278B push ebx; ret 3_3_02B328E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B30FEA push eax; ret 3_3_02B30FF5
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B35FEE push FFFFFFD2h; retf 3_3_02B36011
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B34920 push 0000002Eh; iretd 3_3_02B34922
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B35F0C push es; iretd 3_3_02B35F0D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 3_3_02B31179 push FFFFFF82h; iretd 3_3_02B3117B

                      Persistence and Installation Behavior

                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe File created: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,0_2_00411150
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_004112B7 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,0_2_004112B7
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_004112B9 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,0_2_004112B9
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,1_2_00411150
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_004112B7 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,1_2_004112B7
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_004112B9 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,1_2_004112B9
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_0041B4B0 OpenSCManagerW,OpenServiceW,CloseServiceHandle,QueryServiceStatus,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceW,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,0_2_0041B4B0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PerfectouinVans
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_0041F8D0 IsIconic,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,0_2_0041F8D0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 0_2_00420B40 IsIconic,0_2_00420B40
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_0041F8D0 IsIconic,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,1_2_0041F8D0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeCode function: 1_2_00420B40 IsIconic,1_2_00420B40
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe API/Special instruction interceptor: Address: 7FFE2220D044
                      Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 7FFE2220D044
                      Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 55FB83A
                      Source: tO8laPAv1k.exe, 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, tO8laPAv1k.exe, 00000000.00000002.2022650463.0000000002299000.00000040.00001000.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1941080400.0000000000619000.00000040.00000400.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1935667413.0000000000619000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: tO8laPAv1k.exe Binary or memory string: CFF EXPLORER.EXE
                      Source: tO8laPAv1k.exe, 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, tO8laPAv1k.exe, 00000000.00000002.2022650463.0000000002299000.00000040.00001000.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1941080400.0000000000619000.00000040.00000400.00020000.00000000.sdmp, tO8laPAv1k.exe, 00000001.00000003.1935667413.0000000000619000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Dropped PE file which has not been started: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe API coverage: 0.4 %
                      Source: C:\Windows\SysWOW64\svchost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 0_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,0_2_00411150
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 0_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,0_2_004631F0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 0_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,0_2_0045A7D0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 0_2_00462F00 FindFirstFileW,FindClose,0_2_00462F00
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 1_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,1_2_00411150
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 1_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,1_2_004631F0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 1_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,1_2_0045A7D0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 1_2_00462F00 FindFirstFileW,FindClose,1_2_00462F00
                      Source: svchost.exe, 00000003.00000002.2037663247.0000000003390000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: hgFS.
                      Source: svchost.exe, 00000003.00000003.1950028534.00000000054C0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DisableGuestVmNetworkConnectivity
                      Source: svchost.exe, 00000003.00000002.2037477660.000000000305C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWMSAFD RfComm [Bluetooth]en-USen-GBn
                      Source: svchost.exe, 00000003.00000002.2037372898.0000000003000000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                      Source: svchost.exe, 00000003.00000002.2037401161.0000000003043000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW(
                      Source: svchost.exe, 00000003.00000003.1950028534.00000000054C0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: EnableGuestVmNetworkConnectivity
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 1_3_00609098 VirtualAlloc,LdrInitializeThunk,VirtualFree,1_3_00609098
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 0_2_004734E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004734E6
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 0_2_004150A0 GetModuleHandleW,LoadLibraryW,GetProcAddress,0_2_004150A0
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 1_3_00609277 mov eax, dword ptr fs:[00000030h] 1_3_00609277
                      Source: C:\Windows\SysWOW64\svchost.exe Code function: 3_3_02B30283 mov eax, dword ptr fs:[00000030h] 3_3_02B30283
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 0_2_00474040 GetProcessHeap,HeapFree,0_2_00474040
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Process created: C:\Users\user\Desktop\tO8laPAv1k.exe "C:\Users\user\Desktop\tO8laPAv1k.exe"
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 1_2_004734E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_004734E6

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 104.161.43.18 2845
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Memory written: C:\Users\user\Desktop\tO8laPAv1k.exe base: 5D0000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 0_2_00502A5F cpuid 0_2_00502A5F
                      Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 0_2_0041C260 GetSystemTimeAsFileTime,SHFormatDateTimeW,0_2_0041C260
                      Source: C:\Users\user\Desktop\tO8laPAv1k.exe Code function: 0_2_0041A06D GetVersion,EnumWindows,IsWindow,SetForegroundWindow,SendMessageW,SendMessageW,SendMessageW,InitCommonControlsEx,CreateSolidBrush,EnumWindows,IsWindow,SetForegroundWindow,EnumWindows,IsWindow,SendMessageW,0_2_0041A06D
                      Source: C:\Windows\SysWOW64\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match File source: 00000001.00000003.1935422331.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000003.1942949955.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000002.2037663247.0000000003390000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000001.00000002.1962817056.0000000000A70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      Source: Yara match File source: 00000001.00000003.1935422331.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000003.1942949955.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000002.2037663247.0000000003390000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000001.00000002.1962817056.0000000000A70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 21 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Native API | 1 Windows Service | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 21 Input Capture | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 1 Windows Service | 3 Obfuscated Files or Information | Security Account Manager | 126 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | Login Hook | 211 Process Injection | 1 Software Packing | NTDS | 231 Security Software Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 211 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| Source | Detection | Scanner | Label |
|---|---|---|---|
| tO8laPAv1k.exe | 58% | ReversingLabs | Win32.Adware.RedCap |
                      No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8kernelbasentdllkernel32GetProcessMitigatio | 0% | Avira URL Cloud | safe |
| https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8 | 0% | Avira URL Cloud | safe |
| https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8x | 0% | Avira URL Cloud | safe |
                      No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8 | true | Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8x | svchost.exe, 00000003.00000002.2037195904.0000000002AFC000.00000004.00000010.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://cloudflare-dns.com/dns-query | svchost.exe, 00000003.00000003.1966944884.00000000031A0000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi | svchost.exe, 00000003.00000003.1966944884.00000000031A0000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8kernelbasentdllkernel32GetProcessMitigatio | svchost.exe, 00000003.00000002.2037503082.000000000310C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000009.00000002.2535426118.000002838C430000.00000040.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://www.glarysoft.com/goto.php?a=upgradetopro&s=DiskDefrag340100134010023401003340100434010053401 | tO8laPAv1k.exe, PerfectouinVans.exe.0.dr | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 104.161.43.18 | unknown | United States | 53755 | IOFLOODUS | true |
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1576976
                            Start date and time:2024-12-17 20:17:07 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 8m 45s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:13
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:tO8laPAv1k.exe
                            renamed because original name is a hash value
                            Original Sample Name:a605b2e7e9e9da0bf74726d132b18800e81b36d2a8e6ffcc35f428a5d0e7aadf.exe
                            Detection:MAL
                            Classification:mal100.troj.evad.winEXE@9/6@0/1
                            EGA Information:
                            • Successful, ratio: 50%
                            HCA Information:Failed
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 20.189.173.22, 172.202.163.200, 20.190.147.12, 13.107.246.63
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                            • Execution Graph export aborted for target svchost.exe, PID 1880 because there are no executed function
                            • Execution Graph export aborted for target tO8laPAv1k.exe, PID 2368 because there are no executed function
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • VT rate limit hit for: tO8laPAv1k.exe
| Time | Type | Description |
|---|---|---|
| 14:19:25 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |
| 19:18:33 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PerfectouinVans C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe |
| 19:18:41 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PerfectouinVans C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 104.161.43.18 | 122046760.bat | malicious | RHADAMANTHYS | |
| | pkqLAMAv96.lnk | malicious | RHADAMANTHYS | |
| | IIC0XbKFjS.lnk | malicious | RHADAMANTHYS | |
| | 873406390.bat | malicious | RHADAMANTHYS | |
| | 0J3fAc6cHO.lnk | malicious | RHADAMANTHYS | |
| | 1H57mPm9jr.exe | malicious | RHADAMANTHYS | |
| | l92fYljXWF.lnk | malicious | RHADAMANTHYS | |
| | taCCGTk8n1.lnk | malicious | RHADAMANTHYS | |
                                            No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| IOFLOODUS | 122046760.bat | malicious | RHADAMANTHYS | 104.161.43.18 |
| | pkqLAMAv96.lnk | malicious | RHADAMANTHYS | 104.161.43.18 |
| | IIC0XbKFjS.lnk | malicious | RHADAMANTHYS | 104.161.43.18 |
| | 873406390.bat | malicious | RHADAMANTHYS | 104.161.43.18 |
| | 0J3fAc6cHO.lnk | malicious | RHADAMANTHYS | 104.161.43.18 |
| | svhost.exe | malicious | Quasar | 148.163.102.170 |
| | KjECqzXLWp.lnk | malicious | RHADAMANTHYS | 162.213.210.250 |
| | cey4VIyGKh.lnk | malicious | RHADAMANTHYS | 162.213.210.250 |
| | msimg32.dll | malicious | RHADAMANTHYS | 162.213.210.250 |
| | msimg32.dll | malicious | RHADAMANTHYS | 162.213.210.250 |
                                            No context
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):65536
                                            Entropy (8bit):0.6601863803964547
                                            Encrypted:false
                                            SSDEEP:96:WBF4K3exqigKJ6/s3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/D:252Hn6/xR0apYKjqzuiFaZ24lO8JO
                                            MD5:B05F014D68157E94B6279C1C84A9A360
                                            SHA1:071551BEF1ACDD9CBDE3834F4ADA7720EB83CBB3
                                            SHA-256:DEF096574C57CCFE395243D537750A144016626482838C9A9C90878E8B24BBA4
                                            SHA-512:73AE9AD4BF9D11DF64C5FF76EFC0237CFF0E229054A8CABFF6FDBB748AF9BE8F90BCF6D8B4847FFA9563474E53BC0EFB896845C52C2D3C56B90D7E11E92FB5B5
                                            Malicious:false
                                            Reputation:low
                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.9.3.6.7.1.8.6.5.0.3.5.3.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.9.3.6.7.1.9.3.2.2.2.4.6.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.1.d.4.c.c.d.9.-.f.f.f.2.-.4.7.3.4.-.8.d.8.8.-.e.f.e.1.f.e.1.e.b.f.1.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.a.2.9.3.8.6.e.-.d.3.c.a.-.4.1.4.7.-.8.5.9.f.-.9.f.1.e.7.7.6.9.2.c.0.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.6.8.-.0.0.0.1.-.0.0.1.4.-.2.0.c.9.-.d.f.7.7.b.8.5.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:Mini DuMP crash report, 14 streams, Tue Dec 17 19:18:38 2024, 0x1205a4 type
                                            Category:dropped
                                            Size (bytes):49582
                                            Entropy (8bit):1.2303455788436741
                                            Encrypted:false
                                            SSDEEP:96:5j78MCjtrKbRcFjIySH/7i7CFF6wAMhBBnmq+LWInevI:2prKUIDOKsJMhB4qO
                                            MD5:61DEE3D35BD9BD81113E14EC8488AE8E
                                            SHA1:08E3155BB54F7F80F89AF310AB3EEEDABE386F9B
                                            SHA-256:B73947A2F3AC367803CB84FCCDF2BE23148295629CC569086201EBEBC5853AA7
                                            SHA-512:CC811C8093EB66405CDEBC9C1315611254BBC6F44E684A55FF9F99F183CCD351744096E247C56FC4D2B75603111693996D83911B020D6163E1E2F70919F6F6B5
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):8622
                                            Entropy (8bit):3.691621966618852
                                            Encrypted:false
                                            SSDEEP:192:R6l7wVeJDLF76Y1Jj7Kgmfr57v7pDa89bBBdfqrm:R6lXJP56Y7j2gmfrFv9Bbff
                                            MD5:014B5DD64C11B55D9BE0365F8752A0F5
                                            SHA1:8193F4FDF005A6B73588F83DA2D95FFC8D15B684
                                            SHA-256:96D18D1F455FABA604B5997430BBE4761C554C1013E05D6061698F6B65CE8FF2
                                            SHA-512:B551B076EA43157A253928CBAFFF8B35C49C750A615EC1FE8C84A204730C9F83C708E869B8FFB787A432954E5F487C5BB11964955EFB2F3212C2DCF21EA7FE2A
                                            Malicious:false
                                            Reputation:low
                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.2.2.4.<./.P.i.
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):4853
                                            Entropy (8bit):4.448356493423218
                                            Encrypted:false
                                            SSDEEP:48:cvIwWl8zsnJg771I9iFWpW8VY3Ym8M4Jk5LvM6F+oyq8vU5LvMXaMuSFd:uIjfJI7x07VfJcjMFoWsjMX1u4d
                                            MD5:C6F0BA9429108BD29ABE6BAE23C84A00
                                            SHA1:B4B2A97D875A037BC7F48EDF57DBD4FF0E5472EC
                                            SHA-256:1EFD19916CD8B808A54411B20F9A5AA561A4D58E989FE946DE8B0BD3F3AFD6AA
                                            SHA-512:48CB42FAAB5802C69B2D46CD9A1E178CD11A52EA89C1A00ED9857F158C916C081CF5EB9BC1D4B7A8A96E220D1D6B5B80807907671C81B51CCEAD8AB31707C9E8
                                            Malicious:false
                                            Reputation:low
                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="635661" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                            Process:C:\Users\user\Desktop\tO8laPAv1k.exe
                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):979567347
                                            Entropy (8bit):0.03060958236967409
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:F3AF0F63D10A2AB959F5F9673D03F5C8
                                            SHA1:EFE3C6C96C4F2D539F9BE904B92049DC19385A20
                                            SHA-256:65A22634B13EC90D85E6F2B5B854C5889828E7E240C6E478CF5D2278C61E5F8A
                                            SHA-512:EF1D18FE8C2A75B87A2BF364B0CF8E28A57B45A1EE8021E26A1A731E1CD545CB1274E46F07CF8D8263709446F416E7B2FEB29A6C6C4F2A4B1C267C05B4CBE216
                                            Malicious:true
                                            Reputation:low
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:MS Windows registry file, NT/2000 or above
                                            Category:dropped
                                            Size (bytes):1835008
                                            Entropy (8bit):4.466389187397973
                                            Encrypted:false
                                            SSDEEP:6144:7IXfpi67eLPU9skLmb0b4zWSPKaJG8nAgejZMMhA2gX4WABl0uNCdwBCswSbt:cXD94zWlLZMM6YFHY+t
                                            MD5:C8A57D4B0CAA30027C22DD1141A7A056
                                            SHA1:C8183538F78D596C877B55631BCBDE3B412420C0
                                            SHA-256:EB3A61BB4CFCB6E63B1E285E2324DD6EFBB39305CFF1AC896D00A24D8E599F4C
                                            SHA-512:72836D9A1B8C33876369FF2246AAA6D88D725F2EE832D31B6691D793F7432DA2A595185900271F45C8B60717EEDF9ED3ACABA8EE04A7C588EC1D084BF672D18F
                                            Malicious:false
                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit):7.124489432610296
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:tO8laPAv1k.exe
                                            File size:1'862'656 bytes
                                            MD5:8046eee34b90a417ac4ee92408958f89
                                            SHA1:1901fb1665abda5de29a8f4e64c0c5271e560431
                                            SHA256:a605b2e7e9e9da0bf74726d132b18800e81b36d2a8e6ffcc35f428a5d0e7aadf
                                            SHA512:b8071e6d836eb0d47f5ff702eeeff96d4ce4b808e82ff8639854ec7ae529e54529e12054aac58f42ba35cd79566b62bcc2b14a60cc350ce64253e5108e48251d
                                            SSDEEP:49152:Ugrot4D8wGqk9gnCLLsXMfMo4o/hss5MbokKwSpl+UgvjykyCiTr50fGAbV7FzPd:lrotS8T39gnCPR7W
                                            TLSH:72859E10FB4F407ADAA16230A1A1636280297F9B5B03C1D7F56E3C3B1A515E15F3AFB6
                                            Icon Hash:0f0371696969030e
                                            Entrypoint:0x4734dc
                                            Entrypoint Section:.text
                                            Digitally signed:true
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x65EABAFA [Fri Mar 8 07:15:06 2024 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:5
                                            OS Version Minor:0
                                            File Version Major:5
                                            File Version Minor:0
                                            Subsystem Version Major:5
                                            Subsystem Version Minor:0
                                            Import Hash:95c864c12aad39a0a38f3fd87dabadf6
                                            Signature Valid:
                                            Signature Issuer:
                                            Signature Validation Error:
                                            Error Number:
                                            Not Before, Not After
                                              Subject Chain
                                                Version:
                                                Thumbprint MD5:
                                                Thumbprint SHA-1:
                                                Thumbprint SHA-256:
                                                Serial:
                                                Instruction
                                                call 00007F7AF87FF41Ch
                                                jmp 00007F7AF87FEC3Ch
                                                cmp ecx, dword ptr [00496028h]
                                                jne 00007F7AF87FEF04h
                                                rep ret
                                                jmp 00007F7AF87FF49Eh
                                                int3
                                                jmp dword ptr [0047C31Ch]
                                                mov edi, edi
                                                push ebp
                                                mov ebp, esp
                                                test byte ptr [ebp+08h], 00000002h
                                                push edi
                                                mov edi, ecx
                                                je 00007F7AF87FEF27h
                                                push esi
                                                push 00473BC4h
                                                lea esi, dword ptr [edi-04h]
                                                push dword ptr [esi]
                                                push 0000000Ch
                                                push edi
                                                call 00007F7AF87FF0C7h
                                                test byte ptr [ebp+08h], 00000001h
                                                je 00007F7AF87FEF09h
                                                push esi
                                                call 00007F7AF87FE228h
                                                pop ecx
                                                mov eax, esi
                                                pop esi
                                                jmp 00007F7AF87FEF16h
                                                call 00007F7AF87FF595h
                                                test byte ptr [ebp+08h], 00000001h
                                                je 00007F7AF87FEF09h
                                                push edi
                                                call 00007F7AF87FE211h
                                                pop ecx
                                                mov eax, edi
                                                pop edi
                                                pop ebp
                                                retn 0004h
                                                jmp dword ptr [0047C304h]
                                                push 00000014h
                                                push 0048BD98h
                                                call 00007F7AF87FF2F7h
                                                push dword ptr [004988A0h]
                                                mov esi, dword ptr [0047C35Ch]
                                                call esi
                                                pop ecx
                                                mov dword ptr [ebp-1Ch], eax
                                                cmp eax, FFFFFFFFh
                                                jne 00007F7AF87FEF0Eh
                                                push dword ptr [ebp+08h]
                                                call dword ptr [0047C360h]
                                                pop ecx
                                                jmp 00007F7AF87FEF69h
                                                push 00000008h
                                                call 00007F7AF87FF521h
                                                pop ecx
                                                and dword ptr [ebp-04h], 00000000h
                                                push dword ptr [004988A0h]
                                                call esi
                                                mov dword ptr [ebp-1Ch], eax
                                                push dword ptr [0049889Ch]
                                                call esi
                                                pop ecx
                                                pop ecx
                                                mov dword ptr [ebp-20h], eax
                                                lea eax, dword ptr [ebp-20h]
                                                Programming Language:
                                                • [C++] VS2005 build 50727
                                                • [ C ] VS2005 build 50727
                                                • [IMP] VS2005 build 50727
                                                • [ASM] VS2008 build 21022
                                                • [ C ] VS2008 build 21022
                                                • [C++] VS2008 build 21022
                                                • [IMP] VS2008 build 21022
                                                • [RES] VS2008 build 21022
                                                • [LNK] VS2008 build 21022
                                                Name | Virtual Address | Virtual Size | Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x92b84 | 0x1f4 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x99000 | 0x13075c | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0xe1a00 | 0x5398 | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd7000 | 0xa0e0 | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7cef0 | 0x1c | .rdata
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x886b0 | 0x40 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x7c000 | 0xe70 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                .text | 0x1000 | 0x7b000 | 0x7a800 | 437ea4ee30fdb5840630414f6566641c | False | 0.4937838807397959 | data | 6.60927501675882 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rdata | 0x7c000 | 0x1a000 | 0x19c00 | 3b400efe65270b63067ac97b9ecd3b54 | False | 0.30643203883495146 | data | 4.618234948722544 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .data | 0x96000 | 0x3000 | 0x1c00 | d49f398adb436223c993c2cd85f5add0 | False | 0.2431640625 | data | 4.453447405966862 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .rsrc | 0x99000 | 0x13075c | 0x130800 | 2b798d88be52250527169ad2dd9d2700 | False | 0.5177464978448276 | data | 7.216948049217483 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                PNG | 0x999f0 | 0xb8a | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | Chinese | China | 1.0037237643872714
                                                RT_BITMAP | 0x9a57c | 0x248 | Device independent bitmap graphic, 64 x 15 x 4, image size 480, 16 important colors | Chinese | China | 0.1267123287671233
                                                RT_BITMAP | 0x9a7c4 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128, 16 important colors | Chinese | China | 0.4698275862068966
                                                RT_ICON | 0x9a8ac | 0x58ca | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9969643642762869
                                                RT_ICON | 0xa0178 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | Chinese | China | 0.13680054418549628
                                                RT_ICON | 0xb09a0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | Chinese | China | 0.27982446920327936
                                                RT_ICON | 0xb9e48 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | Chinese | China | 0.267406015037594
                                                RT_ICON | 0xc0630 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | Chinese | China | 0.31497227356746765
                                                RT_ICON | 0xc5ab8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Chinese | China | 0.26452527161076994
                                                RT_ICON | 0xc9ce0 | 0x3a48 | Device independent bitmap graphic, 60 x 120 x 32, image size 14880 | Chinese | China | 0.3460455764075067
                                                RT_ICON | 0xcd728 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.39066390041493776
                                                RT_ICON | 0xcfcd0 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | Chinese | China | 0.392603550295858
                                                RT_ICON | 0xd1738 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.4294090056285178
                                                RT_ICON | 0xd27e0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Chinese | China | 0.5868852459016394
                                                RT_ICON | 0xd3168 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | Chinese | China | 0.6319767441860465
                                                RT_ICON | 0xd3820 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.6968085106382979
                                                RT_MENU | 0xd3c88 | 0x1e8 | Matlab v4 mat-file (little endian) D, numeric, rows 4587536, columns 7077993, imaginary | Chinese | China | 0.4774590163934426
                                                RT_MENU | 0xd3e70 | 0x1e0 | Matlab v4 mat-file (little endian) S, numeric, rows 4980752, columns 5439561, imaginary | Chinese | China | 0.4979166666666667
                                                RT_DIALOG | 0xd4050 | 0x1d8 | data | Chinese | China | 0.5932203389830508
                                                RT_DIALOG | 0xd4228 | 0x70 | data | Chinese | China | 0.7857142857142857
                                                RT_DIALOG | 0xd4298 | 0x34 | data | Chinese | China | 0.8461538461538461
                                                RT_DIALOG | 0xd42cc | 0x304 | data | Chinese | China | 0.46113989637305697
                                                RT_DIALOG | 0xd45d0 | 0x1a0 | data | Chinese | China | 0.49038461538461536
                                                RT_DIALOG | 0xd4770 | 0x104 | data | Chinese | China | 0.65
                                                RT_DIALOG | 0xd4874 | 0x3ca | data | Chinese | China | 0.4402061855670103
                                                RT_DIALOG | 0xd4c40 | 0x472 | data | Chinese | China | 0.36203866432337434
                                                RT_DIALOG | 0xd50b4 | 0x2aa | data | Chinese | China | 0.4472140762463343
                                                RT_DIALOG | 0xd5360 | 0x1f8 | data | Chinese | China | 0.46825396825396826
                                                RT_DIALOG | 0xd5558 | 0x328 | data | Chinese | China | 0.42945544554455445
                                                RT_DIALOG | 0xd5880 | 0x32c | data | Chinese | China | 0.4630541871921182
                                                RT_DIALOG | 0xd5bac | 0x21c | data | Chinese | China | 0.5222222222222223
                                                RT_DIALOG | 0xd5dc8 | 0x120 | data | Chinese | China | 0.5590277777777778
                                                RT_DIALOG | 0xd5ee8 | 0x1f0 | data | Chinese | China | 0.5544354838709677
                                                RT_DIALOG | 0xd60d8 | 0x2fe | data | Chinese | China | 0.46866840731070497
                                                RT_DIALOG | 0xd63d8 | 0x6c | data | Chinese | China | 0.7777777777777778
                                                RT_STRING | 0xd6444 | 0x48 | data | Chinese | China | 0.6944444444444444
                                                RT_GROUP_ICON | 0xd648c | 0xbc | data | Chinese | China | 0.7074468085106383
                                                RT_VERSION | 0xd6548 | 0x30c | data | Chinese | China | 0.45256410256410257
                                                RT_DLGINCLUDE | 0xd6854 | 0x6dc36 | PC bitmap, Windows 3.x format, 56434 x 2 x 42, image size 450334, cbSize 449590, bits offset 54 | | | 0.6961364799039125
                                                RT_ANIICON | 0x14448c | 0xdaa3 | PC bitmap, Windows 3.x format, 7045 x 2 x 37, image size 56145, cbSize 55971, bits offset 54 | | | 0.4000107198370585
                                                RT_ANIICON | 0x151f30 | 0xaaed | PC bitmap, Windows 3.x format, 6243 x 2 x 42, image size 44422, cbSize 43757, bits offset 54 | | | 0.3375231391548781
                                                RT_ANIICON | 0x15ca20 | 0x9fbf | PC bitmap, Windows 3.x format, 5783 x 2 x 54, image size 41099, cbSize 40895, bits offset 54 | | | 0.4155520234747524
                                                RT_ANIICON | 0x1669e0 | 0x35670 | PC bitmap, Windows 3.x format, 27987 x 2 x 44, image size 218734, cbSize 218736, bits offset 54 | | | 0.468103101455636
                                                RT_ANIICON | 0x19c050 | 0x2d6f5 | PC bitmap, Windows 3.x format, 23723 x 2 x 46, image size 186150, cbSize 186101, bits offset 54 | | | 0.4957200659856744
                                                None | 0x1c9748 | 0x14 | data | Chinese | China | 1.25
                                                DLL | Import
                                                KERNEL32.dll | GetModuleHandleW, GetProcAddress, lstrlenW, GetLastError, LoadLibraryW, SetLastError, MulDiv, GetPrivateProfileStringW, GetVolumeInformationW, ExpandEnvironmentStringsW, FindFirstFileW, FindNextFileW, FindClose, InterlockedDecrement, CloseHandle, GetModuleFileNameW, InterlockedExchange, QueryPerformanceFrequency, QueryPerformanceCounter, GetCurrentProcess, CreateMutexW, Sleep, GetSystemTimeAsFileTime, GetLogicalDrives, GetDriveTypeW, GetLongPathNameW, GetVersion, GetVolumeNameForVolumeMountPointW, GetTickCount, WideCharToMultiByte, SetPriorityClass, GetPriorityClass, GetSystemPowerStatus, LeaveCriticalSection, FreeLibrary, GetCurrentThreadId, InitializeCriticalSection, DeleteCriticalSection, CreateThread, WaitForMultipleObjects, CreateFileW, DeviceIoControl, HeapFree, GetProcessHeap, GetCommandLineW, LocalFree, MultiByteToWideChar, GetComputerNameW, GetDiskFreeSpaceW, GetFileAttributesW, FileTimeToSystemTime, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, GetCurrentProcessId, EnterCriticalSection, SetUnhandledExceptionFilter, GetStartupInfoW, InterlockedCompareExchange, lstrlenA, LocalFileTimeToFileTime, DosDateTimeToFileTime, ReadFile, FormatMessageW, GetDiskFreeSpaceExW, FlushFileBuffers
                                                USER32.dll | SetRectEmpty, EnableWindow, LoadBitmapW, GetDC, DrawTextW, ReleaseDC, CopyRect, DestroyCursor, SetCapture, GetCapture, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, ReleaseCapture, InsertMenuW, CreateMenu, GetWindowLongW, GetMenuItemInfoW, UnionRect, GetMenuBarInfo, EnableMenuItem, ModifyMenuW, GetMenuState, LoadImageW, GetSysColorBrush, SetWindowLongW, OffsetRect, SendNotifyMessageW, AppendMenuW, CreatePopupMenu, GetActiveWindow, MessageBoxW, TranslateMessage, PeekMessageW, MsgWaitForMultipleObjects, DispatchMessageW, GetSysColor, GetCursor, DrawIcon, LoadIconW, IsIconic, PostMessageW, KillTimer, SetTimer, LoadCursorW, SetCursor, GetSystemMetrics, GetSubMenu, CheckMenuItem, GetMenuItemID, GetMenuItemCount, LoadMenuW, GetLastInputInfo, ExitWindowsEx, SetPropW, SetForegroundWindow, EnumWindows, GetPropW, GetComboBoxInfo, InvalidateRect, InflateRect, GrayStringW, DrawTextExW, TabbedTextOutW, IsWindowVisible, IsWindow, ScreenToClient, GetCursorPos, RedrawWindow, PtInRect, TrackMouseEvent, GetParent, GetClientRect, SetRect, FrameRect, FillRect, GetWindowRect, SendMessageW
                                                GDI32.dll | CreateSolidBrush, Escape, ExtTextOutW, PtVisible, CreatePen, GetDCBrushColor, GetBkMode, CreateRoundRectRgn, CreatePatternBrush, SetBrushOrgEx, FillRgn, FrameRgn, BeginPath, EndPath, FillPath, CreateFontIndirectW, Rectangle, GetDeviceCaps, PatBlt, RectVisible, GetBkColor, DPtoLP, GetMapMode, CreateCompatibleBitmap, LPtoDP, CreateFontW, GetTextMetricsW, TextOutW, GetTextExtentPoint32W, GetCurrentObject, GetDIBColorTable, StretchBlt, BitBlt, GetObjectW, SetDIBColorTable, SelectObject, CreateDIBSection, CreateCompatibleDC, DeleteDC, DeleteObject
                                                MSIMG32.dll | AlphaBlend, TransparentBlt, GradientFill
                                                ADVAPI32.dll | QueryServiceConfigW, GetUserNameW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW, ChangeServiceConfigW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, StartServiceW, ControlService, QueryServiceStatus, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegOpenKeyW, AdjustTokenPrivileges
                                                SHELL32.dll | SHGetFileInfoW, ShellExecuteW, SHGetSpecialFolderPathW, SHBrowseForFolderW, SHGetPathFromIDListW, Shell_NotifyIconW, SHQueryRecycleBinW, SHEmptyRecycleBinW, CommandLineToArgvW
                                                COMCTL32.dll | InitCommonControlsEx, _TrackMouseEvent
                                                SHLWAPI.dll | PathFileExistsW, StrFormatByteSizeW, ColorAdjustLuma, StrFormatKBSizeW
                                                ole32.dll | CoSetProxyBlanket, CoUninitialize, CoInitialize, CoCreateInstance, CoTaskMemFree
                                                OLEAUT32.dll | SysFreeString, VariantInit, VariantClear, SysAllocString
                                                gdiplus.dll | GdipGetImageEncoders, GdipGetImageEncodersSize, GdipSaveImageToFile, GdipDeleteFont, GdipCreateFont, GdipDeleteFontFamily, GdipGetGenericFontFamilySansSerif, GdipCreateFontFamilyFromName, GdipDeleteCachedBitmap, GdipCreateCachedBitmap, GdipDrawCachedBitmap, GdipMeasureString, GdipDrawString, GdipFillPath, GdipFillPie, GdipFillEllipse, GdipFillRectangle, GdipDrawPath, GdipDrawPie, GdipDrawEllipse, GdipDrawRectangle, GdipDrawLine, GdipSetSmoothingMode, GdipCreateFromHDC, GdipAddPathPath, GdipAddPathArc, GdipAddPathLine, GdipResetPath, GdipDeletePath, GdipCreatePath, GdipSetStringFormatFlags, GdipDeleteStringFormat, GdipCreateStringFormat, GdipSetPenBrushFill, GdipSetPenColor, GdipDeletePen, GdipCreatePen2, GdipCreatePen1, GdipSetLineColors, GdipCreateLineBrushI, GdipCreateLineBrush, GdipSetSolidFillColor, GdipCreateSolidFill, GdipCloneBrush, GdipDeleteBrush, GdiplusShutdown, GdiplusStartup, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipCreateBitmapFromFile, GdipGetImagePalette, GdipGetImagePaletteSize, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipCloneImage, GdipDrawImageI, GdipDeleteGraphics, GdipGetImageGraphicsContext, GdipDisposeImage, GdipAlloc, GdipFree, GdipFillRectangleI
                                                UxTheme.dllDrawThemeBackground, CloseThemeData, OpenThemeData
                                                WINMM.dllmciGetErrorStringW, mciSendCommandW
Language of compilation system | Country where language is spoken
Chinese | China
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-17T20:18:30.653870+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 104.161.43.18 | 2845 | 192.168.2.4 | 49731 | TCP
                                                Dec 17, 2024 20:18:32.087866068 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.143599033 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.143644094 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.143724918 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.143882036 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.144046068 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.144107103 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.145836115 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.145896912 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.146054983 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.147850037 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.148715019 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.148855925 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.149766922 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.149849892 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.149924994 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.151709080 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.151767969 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.151902914 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.153651953 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.153754950 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.153815031 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.155986071 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.156025887 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.156081915 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.157571077 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.157965899 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.158030987 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.159845114 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.159884930 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.160031080 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.161561012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.161673069 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.161849976 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.163712025 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.163752079 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.163804054 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.165719032 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.165755033 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.166110039 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.167289019 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.167371035 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.167839050 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.197876930 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.197916985 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.198112011 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.198496103 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.198549032 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.198616028 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.200620890 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.200656891 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.200719118 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.202389956 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.202451944 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.202548027 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.204737902 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.204791069 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.204848051 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.206233978 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.206370115 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.206423998 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.208436012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.208473921 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.208530903 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.210587025 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.210629940 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.210679054 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.212651014 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.212685108 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.212758064 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.214411974 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.214449883 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.214720011 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.216229916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.216367006 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.216464996 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.218374014 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.218410015 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.218460083 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.220176935 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.220212936 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.220310926 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.222207069 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.222259998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.222352982 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.223896027 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.224328995 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.224379063 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.226243019 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.226279020 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.226350069 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.227956057 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.228363037 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.228423119 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.229847908 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.229899883 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.229974985 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.232105970 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.232141018 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.232219934 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.233917952 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.233953953 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.234095097 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.235735893 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.235750914 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.235806942 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.237900972 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.237915039 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.237977982 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.240062952 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.240103006 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.240241051 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.241545916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.241641998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.241692066 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.243643045 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.243671894 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.243716002 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.245874882 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.245888948 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.245930910 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.247739077 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.247752905 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.247795105 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.249634027 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.249648094 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.249697924 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.251297951 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.251430988 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.251480103 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.253215075 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.253282070 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.253324986 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.255403996 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.255436897 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.255479097 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.257249117 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.257282019 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.257508993 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.259344101 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.259375095 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.259428024 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.261034012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.261424065 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.261524916 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.263227940 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.263258934 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.263307095 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.264904976 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.278687954 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.278724909 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.278821945 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.279148102 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.279184103 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.279211998 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.280819893 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.280884027 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.281275034 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.282751083 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.282825947 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.282865047 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.285012960 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.285051107 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.285074949 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.286945105 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.287431955 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.287502050 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.288876057 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.288937092 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.288944006 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.290621042 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.290657043 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.290721893 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.292670012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.292715073 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.292773962 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.294415951 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.294451952 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.294498920 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.296396017 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.296431065 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.296474934 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.298085928 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.298120975 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.298140049 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.299974918 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.300020933 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.300051928 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.301748991 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.301786900 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.301856041 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.303462029 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.303498030 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.303529978 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.305270910 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.305634022 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.305711985 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.307288885 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.307343006 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.307358027 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.308908939 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.309200048 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.309346914 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.310992956 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.311031103 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.311079979 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.312618971 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.312658072 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.312675953 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.314496994 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.314606905 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.314662933 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.316334963 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.316375017 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.316387892 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.317965031 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.318275928 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.318335056 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.319802999 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.319839001 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.319864035 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.321815014 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.321851969 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.321878910 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.323765039 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.323801041 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.323827982 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.325014114 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.325153112 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.325206995 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.327047110 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.327097893 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.327574968 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.328675985 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.329077959 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.329185963 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.330445051 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.330811024 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.681304932 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.681806087 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.681905031 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.682543039 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.682610035 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.682657957 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.682706118 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.683334112 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.683484077 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.683582067 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.683949947 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.684036016 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.684078932 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.684685946 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.684801102 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.684849977 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.685412884 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.685509920 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.685559988 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.686136007 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.686252117 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.686853886 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.686893940 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.686953068 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.686995029 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.687572956 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.687695026 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.687741041 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.688131094 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.688155890 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.688262939 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.688385963 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.688431978 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.689205885 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.689315081 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.689357996 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.689811945 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.689899921 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.689943075 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.690500021 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.690596104 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.691167116 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.691210032 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.691289902 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.691334963 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.691900969 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.692013025 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.692465067 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.692605019 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.692737103 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.692780972 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.693317890 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.693363905 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.693408012 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.694087982 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.694269896 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.694309950 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.694950104 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.695035934 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.695609093 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.695624113 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.695652008 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.695681095 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.696293116 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.696418047 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.696471930 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.696986914 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.697069883 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.697114944 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.697663069 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.697782993 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.698380947 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.698431969 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.698487997 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.698585987 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.699170113 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.699259996 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.699810028 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.699856043 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.699918032 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.699956894 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.700558901 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.700676918 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.700743914 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.701283932 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.701296091 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.701334000 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.701947927 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.704829931 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.704907894 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.862345934 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.862515926 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.862565994 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.862719059 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.862798929 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.863419056 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.863466024 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.863507986 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.863554955 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.864177942 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.864238024 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.864773989 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.864876986 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.865016937 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.865531921 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.865571022 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.865632057 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.865685940 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.866287947 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.866544962 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.866590023 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.867039919 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.867264032 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.867754936 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.867798090 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.867825031 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.867868900 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.868486881 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.868635893 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.869055033 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.869196892 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.869240999 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.869980097 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.870021105 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.870079041 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.870125055 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.870630980 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.870682955 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.871393919 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.871444941 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.871505976 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.871617079 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.872076988 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.872267962 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.872802973 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.872863054 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.872884035 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.872910023 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.873511076 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.873635054 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.873675108 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.874258041 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.874360085 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.874403954 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.874995947 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.875106096 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.875710964 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.875757933 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.875777960 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.875817060 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.876431942 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.876578093 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.876682997 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.877165079 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.877310991 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.878016949 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.878062010 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.878071070 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.878110886 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.878634930 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.878842115 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.879230976 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.879494905 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.879508018 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.879554033 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.880311012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.880511999 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.880806923 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.880831003 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.880853891 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.880896091 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.881459951 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.881728888 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.882195950 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.882244110 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.882348061 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.882391930 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.882886887 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.882987976 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.883690119 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.883740902 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.883780003 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.883826017 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.884376049 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.884685993 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.884732008 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.885111094 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.885155916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.885200977 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.885838032 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.885921001 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.886491060 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.886533976 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.886635065 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.886676073 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.887226105 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.887583017 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.887970924 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.888016939 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.888081074 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.888117075 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.888737917 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.888839960 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.889106035 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.889477015 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.889556885 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.889597893 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.890114069 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.890347004 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.890824080 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.890872955 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.890923023 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.890974045 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.891588926 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.891985893 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.892330885 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.892347097 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.892379045 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.892407894 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.893127918 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.893183947 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.893238068 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.893728018 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.894020081 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.894488096 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.894536018 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.894552946 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.894635916 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.895195007 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.895277023 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.895924091 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.895973921 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.896023035 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.896115065 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:32.896616936 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.896857023 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.897310972 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:32.897356033 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.279074907 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.279488087 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.279583931 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.279627085 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.280249119 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.280337095 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.280386925 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.280956984 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.281110048 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.281174898 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.281689882 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.281773090 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.281883955 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.282433033 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.282676935 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.282829046 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.283154011 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.283581972 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.283624887 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.283879995 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.283893108 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.283946037 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.284588099 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.284756899 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.285063982 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.285290956 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.337716103 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.439953089 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.440068007 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.440121889 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.440171957 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.440409899 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.440455914 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.440938950 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.441056013 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.441103935 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.441761017 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.441855907 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.441900969 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.442378998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.442481995 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.442658901 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.443243980 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.443466902 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.443506002 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.443969965 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.444061995 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.444107056 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.444701910 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.444714069 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.444761992 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.445372105 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.445542097 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.445585966 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.445938110 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.446053982 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.446095943 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.446742058 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.446815014 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.447086096 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.447407007 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.447525024 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.447562933 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.448112965 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.448216915 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.448262930 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.448875904 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.449071884 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.449115038 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.449702024 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.449846983 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.449889898 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.450334072 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.450464964 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.450505972 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.451081038 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.451344967 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.451391935 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.451800108 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.451925039 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.452049017 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.452430964 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.452496052 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.452563047 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.453156948 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.453228951 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.453272104 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.453931093 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.453975916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.454076052 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.454665899 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.454813004 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.454863071 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.455388069 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.455499887 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.455548048 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.456202030 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.456273079 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.456330061 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.456896067 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.457024097 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.457066059 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.457499027 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.457564116 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.457611084 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.458220005 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.458295107 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.458354950 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.458929062 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.459109068 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.459163904 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.459657907 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.459794998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.459837914 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.460361958 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.460417986 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.460462093 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.461117983 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.461163044 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.461209059 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.461884975 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.462018967 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.462527037 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.462541103 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.462625027 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.462728024 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.463387012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.463399887 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.463459015 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.464114904 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.464179993 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.464227915 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.464721918 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.464745998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.464829922 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.465451002 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.465637922 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.465753078 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.466145039 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.466228008 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.466356039 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.466922998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.467037916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.467097998 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.467642069 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.467737913 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.467793941 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.468514919 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.468619108 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.468698025 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.469130993 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.469219923 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.469291925 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.469850063 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.469950914 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.470084906 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.470877886 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.470913887 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.470958948 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.471208096 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.471256971 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.471463919 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.472002983 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.472227097 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.472282887 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.472661972 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.472783089 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.472826958 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.473386049 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.473503113 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.473541975 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.474088907 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.474129915 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.474179983 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.474984884 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.475135088 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.475176096 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.475519896 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.475625038 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.475815058 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.476298094 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.476419926 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.476540089 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.476980925 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.477086067 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.477135897 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.477648020 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.525207996 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.640774012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.640882969 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.640947104 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.641011953 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.641027927 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.641069889 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.641720057 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.641774893 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.641851902 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.642477989 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.642514944 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.642601967 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.643193007 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.643209934 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.643353939 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.643824100 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.643850088 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.643976927 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.644535065 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.644634962 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.644709110 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.645293951 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.645400047 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.645452976 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.646029949 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.646136045 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.646198988 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.646716118 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.646755934 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.646799088 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.647440910 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.647519112 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.647564888 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.648200035 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.648298025 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.648350954 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.648916960 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.649019957 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.649240971 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.649590015 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.649701118 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.649749994 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.650319099 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.650430918 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.650527000 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.651051998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.651262999 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.651321888 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:33.651776075 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:33.651967049 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.033489943 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.033541918 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.033638954 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.033741951 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.034384012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.034548044 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.034600019 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.034984112 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.035000086 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.035049915 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.035707951 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.035845995 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.036431074 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.036478043 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.036509037 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.036551952 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.037133932 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.037218094 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.037273884 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.037852049 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.037971973 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.038316011 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.038549900 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.038691044 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.039099932 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.039539099 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.039604902 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.039854050 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.040004015 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.040137053 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.040251017 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.040719032 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.040812016 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.041335106 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.041424990 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.041560888 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.041768074 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.042160034 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.042318106 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.042361021 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.042892933 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.042999983 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.043189049 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.043626070 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.043886900 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.044049025 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.044336081 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.044410944 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.044450045 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.045080900 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.045216084 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.045267105 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.045779943 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.045797110 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.045842886 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.046519995 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.046639919 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.046685934 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.047203064 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.047298908 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.047353983 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.047913074 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.047956944 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.048365116 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.048666954 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.048749924 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.048793077 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.049379110 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.049479008 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.049532890 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.050096035 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.050192118 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.050451994 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.050818920 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.050889969 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.050945997 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.051548958 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.051624060 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.051700115 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.052334070 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.052464962 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.052517891 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.052995920 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.053070068 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.053136110 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.053761959 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.053853989 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.054423094 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.054439068 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.054555893 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.054918051 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.055268049 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.055286884 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.055337906 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.055902958 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.056020021 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.056068897 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.056601048 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.056687117 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.056832075 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.057317972 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.057393074 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.057878017 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.058079004 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.058168888 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.058238983 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.058770895 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.059252024 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.059297085 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.059593916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.059642076 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.059688091 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.060317039 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.060396910 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.060445070 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.060945034 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.061022043 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.061116934 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.061626911 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.061738014 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.061783075 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.062378883 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.062460899 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.062510014 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.217086077 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.217189074 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.217259884 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.217420101 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.217544079 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.217943907 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.218072891 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.218225956 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.218276024 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.218755007 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.218765974 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.218808889 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.219062090 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.219204903 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.219254017 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.219947100 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.219990969 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.220066071 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.232989073 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233148098 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233170033 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233181953 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233194113 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233213902 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.233246088 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.233268976 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233324051 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233328104 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.233335972 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233349085 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233361959 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233374119 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.233408928 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.233611107 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233622074 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233633995 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233645916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233664989 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233676910 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233696938 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233709097 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233721018 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233731985 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233745098 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.233939886 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.234031916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234076023 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.234111071 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234122038 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234162092 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.234261990 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234302998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234313965 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234328032 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234338999 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234342098 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.234349966 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234359980 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234371901 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234371901 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.234383106 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234385967 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.234395027 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234421968 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.234442949 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.234705925 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234719038 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234766006 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.234920979 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234942913 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234956980 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.234987020 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.234996080 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.235043049 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.235415936 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.235649109 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.235697985 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.236108065 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.236203909 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.236244917 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.236794949 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.236891985 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.237162113 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.237598896 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.237638950 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.237700939 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.238203049 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.238281012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.238404989 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.238991022 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.239057064 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.239200115 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.239514112 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.239742994 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.240147114 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.240185976 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.240241051 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.240287066 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.240834951 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.240957022 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.241000891 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.241485119 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.241559982 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.241763115 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.242340088 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.242611885 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.242666960 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.243077040 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.243148088 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.243248940 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.243962049 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.244031906 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.244215965 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.244714022 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.638104916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.638439894 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.638863087 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.638941050 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.639116049 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.639163017 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.639761925 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.640095949 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.640155077 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.640423059 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.640429020 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.640481949 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.641091108 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.641273975 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.641335964 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.641999006 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.642013073 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.642060041 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.642667055 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.642827034 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.642925978 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.643663883 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.643853903 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.643922091 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.644197941 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.644324064 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.644367933 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.644870043 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.644886017 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.645041943 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.646035910 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.646050930 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.646099091 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.646387100 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.646403074 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.646441936 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.647061110 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.647417068 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.647474051 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.647759914 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.647947073 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.648061037 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.648443937 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.648807049 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.648858070 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.649293900 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.649310112 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.649367094 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.649945974 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.650114059 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.650158882 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.650605917 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.650743961 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.650798082 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.651298046 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.697140932 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.805151939 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.805171967 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.805351973 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.805454969 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.805619001 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.806375027 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.806479931 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.806597948 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.806647062 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.807219028 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.807437897 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.807965040 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.808012009 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.808523893 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.808568954 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.808598042 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.808610916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.809170961 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.809185028 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.809214115 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.809242010 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.809760094 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.809840918 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.809884071 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.810647964 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.811059952 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.811110020 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.811381102 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.811441898 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.811820030 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.811872005 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.812019110 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.812072992 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.812273979 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.812285900 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.812336922 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.812890053 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.813004017 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.813400984 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.813452005 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.813994884 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.814043999 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.814173937 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.814296007 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.814631939 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.814888954 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.815599918 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.815618992 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.815632105 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.815666914 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.815691948 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.816155910 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.816555023 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.816625118 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.816786051 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.816797972 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.816828966 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.817491055 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.817702055 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.817753077 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.818283081 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.818295956 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.818331957 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.819112062 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.819391012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.819747925 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.819758892 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.819801092 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.820416927 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.820615053 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.821088076 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.821099997 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.821154118 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.821805954 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.821903944 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.821959019 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.822527885 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.822583914 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.822632074 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.823359966 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.823481083 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.824120998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.824193954 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.824418068 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.824470997 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.824852943 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.825262070 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.825447083 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.825494051 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.825495958 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.825536966 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.826126099 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.826770067 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.826948881 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.826961994 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.827018976 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.827047110 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.827666044 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.827677965 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.827725887 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.828330994 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.828634977 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.829186916 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.829200029 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.829236031 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.829262972 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.829727888 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.829994917 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.830046892 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.830456018 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.830686092 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.831145048 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.831198931 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.831667900 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.831712961 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.831896067 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.832051992 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.832644939 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.832710028 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.833386898 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.833400011 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.833412886 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.833434105 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.833461046 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.834069967 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.834208012 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.834258080 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.834829092 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.834840059 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.834888935 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.835484982 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.835546017 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.835654974 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.836268902 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.836337090 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.836499929 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.836951017 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.837143898 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.837280035 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.837626934 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.837882042 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.837928057 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.838500023 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.838512897 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.838562012 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.839095116 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.839270115 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.839365959 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.839849949 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.839862108 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.839916945 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.840578079 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.840641975 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.840795994 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.841305017 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.841317892 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.841363907 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.842128038 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.884658098 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.996483088 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.996530056 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.996731997 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.996798992 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.996897936 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.996979952 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.997004032 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.997591019 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.997812033 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.997894049 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.998246908 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.998317957 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.998347998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.998989105 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.999248028 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.999316931 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.999695063 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:34.999753952 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:34.999784946 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.000487089 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.000622988 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.000668049 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.001058102 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.386537075 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.386590004 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.386595011 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.386609077 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.386625051 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.386639118 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.386652946 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.386655092 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.386668921 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.386670113 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.386714935 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.386838913 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.387063980 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.387113094 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.387579918 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.387594938 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.387655020 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.388351917 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.388452053 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.389127970 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.389173985 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.389753103 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.389765978 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.389777899 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.389799118 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.389827013 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.390413046 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.391164064 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.391175985 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.391235113 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.391304016 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.391369104 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.394526958 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.394700050 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.394712925 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.394723892 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.394735098 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.394747019 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.394785881 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.394833088 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.394867897 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.395051956 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.395127058 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.395623922 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.395979881 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.396351099 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.396364927 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.396400928 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.396425009 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.397099972 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.397269011 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.397317886 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.397823095 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.398005009 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.398380041 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.398431063 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.398552895 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.398634911 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.399115086 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.399127960 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.399172068 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.399878979 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.399897099 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.399945974 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.400401115 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.400413990 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.400459051 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.400538921 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.400621891 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.402626038 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.403008938 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.404602051 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.405580044 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.405594110 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.405606031 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.405617952 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.405630112 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.405641079 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.405643940 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.405687094 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.405687094 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.406028032 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.406040907 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.406089067 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.406692982 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.406876087 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.406922102 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.407527924 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.407711983 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.408488035 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.408499956 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.408541918 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.409122944 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.409298897 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.409636974 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.409679890 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.409797907 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.409845114 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.410284996 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.410296917 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.410310030 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.410321951 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.410334110 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.410343885 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.410346031 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.410383940 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.410629988 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.410900116 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.410959005 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.411523104 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.411535025 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.411572933 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.413789988 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.413832903 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.414951086 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.414964914 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.414977074 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.414987087 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.414999962 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.415011883 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.415023088 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.415024042 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.415055990 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.415081024 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.415229082 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.415757895 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.415777922 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.415780067 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.415946960 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.415997982 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.416465998 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.416815996 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.416858912 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.417057991 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.417071104 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.417553902 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.417567015 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.417609930 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.418117046 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.418241024 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.418289900 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.418807983 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.418819904 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.418869019 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.419363976 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.419534922 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.419583082 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.420083046 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.462932110 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.573970079 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.574048042 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.574085951 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.574116945 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.574126005 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.574194908 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.574723005 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.574790001 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.574840069 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.575428963 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.575586081 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.575715065 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.576184034 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.576296091 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.576338053 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.576877117 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.576977015 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.577024937 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.577577114 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.577694893 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.577760935 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.578304052 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.578481913 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.578531981 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.579085112 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.579135895 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.579178095 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.579766035 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.579912901 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.579962969 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.580482006 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.580580950 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.580658913 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.581187010 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.581305981 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.581348896 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.581918955 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.582022905 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.582067966 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.582631111 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.582716942 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.582761049 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.583378077 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.583538055 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.583580017 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.584125996 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.584191084 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.584283113 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.584764957 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.584871054 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.584916115 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.585529089 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.585577965 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.633534908 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.637444973 CET497312845192.168.2.4104.161.43.18
                                                Dec 17, 2024 20:18:35.790977001 CET284549731104.161.43.18192.168.2.4
                                                Dec 17, 2024 20:18:35.790997982 CET284549731104.161.43.18192.168.2.4


                                                Target ID:0
                                                Start time:14:18:09
                                                Start date:17/12/2024
                                                Path:C:\Users\user\Desktop\tO8laPAv1k.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\tO8laPAv1k.exe"
                                                Imagebase:0x400000
                                                File size:1'862'656 bytes
                                                MD5 hash:8046EEE34B90A417AC4EE92408958F89
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                Target ID:1
                                                Start time:14:18:24
                                                Start date:17/12/2024
                                                Path:C:\Users\user\Desktop\tO8laPAv1k.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\tO8laPAv1k.exe"
                                                Imagebase:0x400000
                                                File size:1'862'656 bytes
                                                MD5 hash:8046EEE34B90A417AC4EE92408958F89
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000001.00000003.1935422331.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000003.1938671471.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000003.1938484288.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000001.00000002.1962817056.0000000000A70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                Target ID:3
                                                Start time:14:18:25
                                                Start date:17/12/2024
                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\System32\svchost.exe"
                                                Imagebase:0x650000
                                                File size:46'504 bytes
                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000003.1942949955.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1949821359.00000000052A0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1950028534.00000000054C0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000002.2037663247.0000000003390000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:high
                                                Has exited:true

                                                Target ID:8
                                                Start time:14:18:27
                                                Start date:17/12/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 428
                                                Imagebase:0xbc0000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:9
                                                Start time:14:18:35
                                                Start date:17/12/2024
                                                Path:C:\Windows\System32\fontdrvhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                Imagebase:0x7ff72c440000
                                                File size:827'408 bytes
                                                MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate
                                                Has exited:true

                                                Target ID:11
                                                Start time:14:18:38
                                                Start date:17/12/2024
                                                Path:C:\Windows\System32\WerFault.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\WerFault.exe -u -p 5224 -s 64
                                                Imagebase:0x7ff63d860000
                                                File size:570'736 bytes
                                                MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true


                                                  Execution Graph

                                                  Execution Coverage:0.2%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:21.4%
                                                  Total number of Nodes:28
                                                  Total number of Limit Nodes:4

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00448780
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: DefaultLocaleQuery
                                                  • String ID: L$L$W$a$a$b$d$i$o$r$r$y$oW
                                                  • API String ID: 2949231068-92182103
                                                  • Opcode ID: 5f78f9d7c1625fe1155efa3d746bc9648de58461ff2f031cda86e092ed9e32c4
                                                  • Instruction ID: 629b6b8fff740c6f93139a6f5d624716e61080b5ded1ac40ad6b4ab27121b35e
                                                  • Opcode Fuzzy Hash: 5f78f9d7c1625fe1155efa3d746bc9648de58461ff2f031cda86e092ed9e32c4
                                                  • Instruction Fuzzy Hash: 1202ABB1E042688FFB248B14CC44BEAB7B5FB91304F1041EAD84DA7281E7795ED68F56

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: L$L$W$a$a$b$d$i$o$r$r$y$oW
                                                  • API String ID: 0-92182103
                                                  • Opcode ID: a0f7a2817e82ce78546f515fbce813583fed312e9c2661f4825da7973c018cb7
                                                  • Instruction ID: 231a16426c4218a45f575413752fe65bed4c6403d15267b0834f5ec3f0ef69b2
                                                  • Opcode Fuzzy Hash: a0f7a2817e82ce78546f515fbce813583fed312e9c2661f4825da7973c018cb7
                                                  • Instruction Fuzzy Hash: F0E113B1D045688BF7208A24DC54BEAB7B5FB91300F1441FED88DA6281E77D1EC68F66

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00448780
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: DefaultLocaleQuery
                                                  • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                  • API String ID: 2949231068-4069139063
                                                  • Opcode ID: c2f6d92b20a53f6c04d1fe6b0697f90f872c9dcd2e028d4ccca5eddbb1bfd381
                                                  • Instruction ID: c7889c7cb7a8b56e65ca2aeb04361b577bdc4f40c8db15c6f7f0b607483f5140
                                                  • Opcode Fuzzy Hash: c2f6d92b20a53f6c04d1fe6b0697f90f872c9dcd2e028d4ccca5eddbb1bfd381
                                                  • Instruction Fuzzy Hash: 3C12E3B2D086648BF7208A24DC44BEAB775EB90314F1041FED84DA6281E77D5EC6CF66

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00448780
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: DefaultLocaleQuery
                                                  • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                  • API String ID: 2949231068-4069139063
                                                  • Opcode ID: 98cf5a69a148a2bedbc7f2611a5d68ecbef05428283a8fad2c4dea92d6cd35c5
                                                  • Instruction ID: 9061babd1d200decede1d9315928c2c4db3ab5f7ff7a49ea9f0f0ba90d3ac9af
                                                  • Opcode Fuzzy Hash: 98cf5a69a148a2bedbc7f2611a5d68ecbef05428283a8fad2c4dea92d6cd35c5
                                                  • Instruction Fuzzy Hash: 8DE1E2B1D082688AFB208B25DC44BEA77B5FB90304F1041FED44DA6281E77D1EC2CB66

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID: JB38
                                                  • API String ID: 621844428-2056971077
                                                  • Opcode ID: de4aea9ac3bef235b92167f735921fa0822059c6fefb3a23635d386ed7d6cca0
                                                  • Instruction ID: 165adf0306465a0bfe1b83379801994ebf0d1b5b4a6086e421831c8e1e9d191e
                                                  • Opcode Fuzzy Hash: de4aea9ac3bef235b92167f735921fa0822059c6fefb3a23635d386ed7d6cca0
                                                  • Instruction Fuzzy Hash: 6991C2B5D052598EF720CA24DC84BDABB76EF54304F1480FAD80C9B682D67D8FC58B66

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: bcaff1dafbdaf5c71a434d9b07c76cecba136c6cb664daa1b126bd745d66de90
                                                  • Instruction ID: e55c482ed35d7fa9255e1c298655d01d400c8f0b03d5b8fb772aa7137350f7fb
                                                  • Opcode Fuzzy Hash: bcaff1dafbdaf5c71a434d9b07c76cecba136c6cb664daa1b126bd745d66de90
                                                  • Instruction Fuzzy Hash: 5902ABB5D002298FEB24CB14DC90BEAB775EB84315F1480FAD80D67741DA39AEC9CE55

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDB), ref: 0044FCB4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: 58dd6b8f47571524a0e54c694324b0b18e2040d2a28ca36277bbb8a2b34f21e9
                                                  • Instruction ID: 9ea21647febbba6030494de6a47d1c68d21076676d4bd12ee3c92103763a8468
                                                  • Opcode Fuzzy Hash: 58dd6b8f47571524a0e54c694324b0b18e2040d2a28ca36277bbb8a2b34f21e9
                                                  • Instruction Fuzzy Hash: 82C1CDB1D045688BEB20CB14CC90BEAB7B9EB85315F1881FAD80D67341C6399EC5CF56

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDB), ref: 0044FCB4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: 675968156a578e7751a60f12223830ac7edd8e466f3ddf933783f439c09e0b1d
                                                  • Instruction ID: b721a3af89386f7f37a8c8cf074f44b862c0b90d2cd742d67bdbfb6a9cb8ad9c
                                                  • Opcode Fuzzy Hash: 675968156a578e7751a60f12223830ac7edd8e466f3ddf933783f439c09e0b1d
                                                  • Instruction Fuzzy Hash: F94126F2C142189BF7148A20DC55FF77768EB01310F1481BFE94E92681DA3C9ECA4A57

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-399585960
                                                  • Opcode ID: dd6867840a8fab817f3aa698fe8f0f79039a0133ccf8e2645bcd24f89141cf0e
                                                  • Instruction ID: d2c0019f19e2491b1970cb57c280c30a35bf9c5b2aa55f2bd52005c528df19a4
                                                  • Opcode Fuzzy Hash: dd6867840a8fab817f3aa698fe8f0f79039a0133ccf8e2645bcd24f89141cf0e
                                                  • Instruction Fuzzy Hash: 557115B4A012298FEB24CF14CC80BA9B7B6FB85306F1481EAD90D67352D7399E95CF45

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: 88de03861a6d6003357a3a32a04c3663f7216d4bc5dfe3c802834eee0fed3dd3
                                                  • Instruction ID: f882d5d731499cc312b0299dc4b5a06d256e0b91ea0013906359fbd95b5d4bf9
                                                  • Opcode Fuzzy Hash: 88de03861a6d6003357a3a32a04c3663f7216d4bc5dfe3c802834eee0fed3dd3
                                                  • Instruction Fuzzy Hash: C851DFB1C052698BEB24CF24CD51BEAB775FF84301F0041EAD90DA6692DA385EC5CF55

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: 3f2cde3699916df659f0f19b3e67c064d4d1a89a9c018b457509f4f8eeba066a
                                                  • Instruction ID: 331172bc2f363acd1e4e2955deb63eee7d015a5e8ce95ddf1a69dbd13258cf34
                                                  • Opcode Fuzzy Hash: 3f2cde3699916df659f0f19b3e67c064d4d1a89a9c018b457509f4f8eeba066a
                                                  • Instruction Fuzzy Hash: 3A51BCB1C052298BEB24CB24CC95BEAB774FF44310F0041FAD90D97691DA785EC5CB56

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 876 450ef6-450f59 879 450f9c-45102e 876->879 880 450f5b-450f6b call 450f6c 876->880 881 451030-45103a 879->881 882 45103f-451061 call 451063 879->882 880->879 884 4512fb-45138b call 451364 881->884 882->884 892 45138d-451399 884->892 893 45139e-4513b3 884->893 896 45168f-45169d ExitProcess 892->896 894 4513b5-4513c1 893->894 895 4513c6-4513e5 893->895 894->896 898 4513e7-4513f3 895->898 899 4513f8-45140a 895->899 898->896 900 45141d-451486 899->900 901 45140c-451418 899->901 903 451683-451689 900->903 904 45148c-4514f8 900->904 901->896 903->896 906 4514fe-45150e 904->906 907 451599-4515ea 904->907 906->907 908 451514-451523 call 451524 906->908 911 4515ec-4515f6 907->911 912 4515f8-45164f 907->912 908->907 914 451667-45166e 911->914 915 451651-45165b 912->915 916 45165d 912->916 917 451670-45167c 914->917 918 45167e 914->918 915->914 916->914 917->896 918->903
                                                  APIs
                                                  • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: 3fb2163d3871124e3e5a72771a1eb62944c0d072349d6d44be0e44aab6589d1d
                                                  • Instruction ID: 8b3eaaf486dd65bfd7173432c64bf5eeec0287803e955daeb5fdd8747a848f24
                                                  • Opcode Fuzzy Hash: 3fb2163d3871124e3e5a72771a1eb62944c0d072349d6d44be0e44aab6589d1d
                                                  • Instruction Fuzzy Hash: 9D41F4B2E002149FF720CA15DC84BEA7B79EB84315F1484FBEC0CA6642D67C5EC98E61

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 919 44fbb7-44fbec 920 44fbee-44fbf8 919->920 921 44fbfa-44fc51 919->921 924 44fc69-44fc70 920->924 922 44fc53-44fc5d 921->922 923 44fc5f 921->923 922->924 923->924 925 44fc80 924->925 926 44fc72-44fc7e 924->926 927 44fc91-44fcbc VirtualProtect 925->927 926->927 929 44fcfc-44fd02 927->929 930 44fcbe-44fcfa call 44fcd4 927->930 931 44fd08-44fd0f 929->931 930->931 934 44fd11-44fd38 call 44fd39 931->934 935 44fd48-44fe85 call 44fe86 931->935
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDB), ref: 0044FCB4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: 181f8be649a02e96c6d4e6e57721e59621dff83348faec2b8cb46bd257dbfce2
                                                  • Instruction ID: c6dcd991c3da1123534ceeb8a75bf7ed259c21daa22b6744d6e6b29185e43d63
                                                  • Opcode Fuzzy Hash: 181f8be649a02e96c6d4e6e57721e59621dff83348faec2b8cb46bd257dbfce2
                                                  • Instruction Fuzzy Hash: DF3105B2D045188BFB20CB21DC98BEB7775AB85311F1481FAC84E66681C63C5ACA8F46

                                                  Control-flow Graph

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: 6e675b0503f37a5557bc1004bbde1b26b3e21412e3e51bc24f04d1ea096fb6e8
                                                  • Instruction ID: 518a7cda8cf8fdf9bbfccfc50c98b8a359abfd9cc3e622945d63ff8a859d5b8d
                                                  • Opcode Fuzzy Hash: 6e675b0503f37a5557bc1004bbde1b26b3e21412e3e51bc24f04d1ea096fb6e8
                                                  • Instruction Fuzzy Hash: FF2106F2D086086BFB148B21DC55FF77768DB51310F1482BFE90AD5581DA3C8AC64B56
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 24cdff2ae09c66752b16990040d37a1fb8405e59d582bc99f15a2e6ac253ca35
                                                  • Instruction ID: f055ede17a137f9b241b916382270c6c1edabccef669b5c678611b89513c3fdb
                                                  • Opcode Fuzzy Hash: 24cdff2ae09c66752b16990040d37a1fb8405e59d582bc99f15a2e6ac253ca35
                                                  • Instruction Fuzzy Hash: 1F3181709055689AEB20CE14CC94BBEB7B6AFC2306F1480EBDC5A56252D6385EC58F85
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: 10d20fbbff062361d1a085c7d779f486ce5e42b9b8cf7773b0ec83fc6f4500bb
                                                  • Instruction ID: 72c2ee71e8dcf654d6b6f813bdbe5df49f40bd1838f93c78229a75e321cd31e4
                                                  • Opcode Fuzzy Hash: 10d20fbbff062361d1a085c7d779f486ce5e42b9b8cf7773b0ec83fc6f4500bb
                                                  • Instruction Fuzzy Hash: 1411D0B1D053588FF7208A14DD95BEA7774EB40315F1004EBDD499A692CA7C9EC68E12
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: de834a40c5caa25615c3ba5995f6d17f706d9bfb78d407efc75862569b6bf407
                                                  • Instruction ID: ac86c36fadb3b586c3092fa7b789c0fba8331803d7a5cc92c2c1d46ff6991d2d
                                                  • Opcode Fuzzy Hash: de834a40c5caa25615c3ba5995f6d17f706d9bfb78d407efc75862569b6bf407
                                                  • Instruction Fuzzy Hash: BA1106B1D043588FF7208A10DC95BED7778EB40315F1044EBDD48AA692CABC5EC58E21
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: 1f35113a782ecf9eb1256ad671d41db8b2c823cd258aae90def66575bdef21c6
                                                  • Instruction ID: afca45ebaef170daf229ceb64ef0d710d24b5be768126ab94ac0cd28c6255648
                                                  • Opcode Fuzzy Hash: 1f35113a782ecf9eb1256ad671d41db8b2c823cd258aae90def66575bdef21c6
                                                  • Instruction Fuzzy Hash: D211A3B1D053188FE7208A14DD95BEA7778EB80315F1004EADD49AA352CA7C9EC58E61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: 46ab1ccf9d705bdfb23e3b9caaa4fa29956b10e04f7ff22c792b7e6091a0307c
                                                  • Instruction ID: 079d2166c6715fc2d3a83e7d783189a72fe44d3f5cb9f4cbcd87b37a57f9a9db
                                                  • Opcode Fuzzy Hash: 46ab1ccf9d705bdfb23e3b9caaa4fa29956b10e04f7ff22c792b7e6091a0307c
                                                  • Instruction Fuzzy Hash: 3811E1B1D043188FFB208E10CC94BE977B8EB40315F1004EBDD08AA292C67C9EC58E21
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDB), ref: 0044FCB4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: 694fdbf529ce3d40ec80b2357459bda671d5d39c3f85658c46a8416d9589038b
                                                  • Instruction ID: 814db61af832a6bff861a592323d3ac20575e7e6e6b1195c4ccd72e95cef0b75
                                                  • Opcode Fuzzy Hash: 694fdbf529ce3d40ec80b2357459bda671d5d39c3f85658c46a8416d9589038b
                                                  • Instruction Fuzzy Hash: 8E0124E2D086089AFB20DB61DC49BE72728E751310F10C1BFD90DA5581C97C9ACA5B0B
                                                  APIs
                                                  • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: d5034efe396193c72f22cb0e951163a20bb60c5f4bb268a5f3ae71e13303401a
                                                  • Instruction ID: 451640935eed56b7336414e3c3f27917479ffd3ef5409f8ee72ac85b12c17538
                                                  • Opcode Fuzzy Hash: d5034efe396193c72f22cb0e951163a20bb60c5f4bb268a5f3ae71e13303401a
                                                  • Instruction Fuzzy Hash: B2C09BB0C0515497F7148601D85B7AC7B74A700355F1484BBF54F651D18EF809DA4E0B
                                                  APIs
                                                  • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: 5cbc8bff280397d290591dc35fb931c4a52dc0fcdb094183cadf7f59c42a2a09
                                                  • Instruction ID: 035ac1adf455fed2ab08c69e7844892fffc83f997a605a2232a81dd45bf188cc
                                                  • Opcode Fuzzy Hash: 5cbc8bff280397d290591dc35fb931c4a52dc0fcdb094183cadf7f59c42a2a09
                                                  • Instruction Fuzzy Hash: B5B012F08052648BF710DB04DC0B7DC77786B00312F0840D3E44E64182C2B40ECA8F47
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: -BootTimeDefrag$-InstallNative$-UninstallNative$8<$DiskDefrag$Foucs_Color$Frame_Color$Mid_Back_Color$SeBackupPrivilege$SeRestorePrivilege$Select_Color$Text_Color$Window
                                                  • API String ID: 0-155024078
                                                  • Opcode ID: f21249918f5851e3c0eb3fa1878fc82d2d878186d22415210d092e86f6f25f0a
                                                  • Instruction ID: 85c3a5c4530a51ec5ffbaea33e836eab6d3034a11df18fab6eaffee292debf54
                                                  • Opcode Fuzzy Hash: f21249918f5851e3c0eb3fa1878fc82d2d878186d22415210d092e86f6f25f0a
                                                  • Instruction Fuzzy Hash: 1CA19570644341ABD320EB61DC86FEF77A4AF84704F10891EF54992281DBB9E5988B6F
                                                  APIs
                                                  • GetMenuItemInfoW.USER32(00000000,00000000,00000001), ref: 0041FAF6
                                                  • GetMenuItemInfoW.USER32(00000000,00000001,00000001,?), ref: 0041FB49
                                                  • GetMenuItemInfoW.USER32(00000000,00000002,00000001,?), ref: 0041FB9C
                                                  • GetSubMenu.USER32(00000000,00000000), ref: 0041FBC3
                                                  • GetSubMenu.USER32(00000000,00000001), ref: 0041FD14
                                                  • GetSubMenu.USER32(?,00000000), ref: 0041FD7A
                                                  • GetSubMenu.USER32(00000000,00000002), ref: 0041FE06
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Menu$InfoItem
                                                  • String ID: $0$3401008$3401009$3401010$3401011$3401012$3401013$3401014$3401015$3401016$3401017$3401018$3401019$3401020$3401021$3401022$3401024$3401098$3401131
                                                  • API String ID: 1040333723-179025603
                                                  • Opcode ID: 57bab4f1923334ec470cd56f5efcc3a9a6a283e0eb4f594bc954c30004842149
                                                  • Instruction ID: 83c1616b1d25a5f5e88f9c25e0e2a21432fc20987b46dd7eda8cdac89d290607
                                                  • Opcode Fuzzy Hash: 57bab4f1923334ec470cd56f5efcc3a9a6a283e0eb4f594bc954c30004842149
                                                  • Instruction Fuzzy Hash: F7811FF0FA031036E794AAA59C53FEB31686F44B44F20C81F760EB25D5C9ACA84556ED
                                                  APIs
                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,20000000,?,00000000,?,?,00427EC2,675A81B8), ref: 0041B4C2
                                                  • OpenServiceW.ADVAPI32(00000000,VSS,00000034,?,?,00000000,?,?,00427EC2,675A81B8), ref: 0041B4DD
                                                  • CloseServiceHandle.ADVAPI32(00000000,?,00000000,?,?,00427EC2,675A81B8), ref: 0041B4EA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: OpenService$CloseHandleManager
                                                  • String ID: VSS
                                                  • API String ID: 4136619037-4102325705
                                                  • Opcode ID: a669f043333560b65fa7305655f79df43c8048374914dc36b6d5132fd2da2c07
                                                  • Instruction ID: e3fabb29cb39525be17c5613465a7dd84fffe719b6809a75a20e2f83d6b45fa7
                                                  • Opcode Fuzzy Hash: a669f043333560b65fa7305655f79df43c8048374914dc36b6d5132fd2da2c07
                                                  • Instruction Fuzzy Hash: 6631E932601314A7D610EBA8AC80FFB775DEB45365F84083FF904D2251DB19E98987EA
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,?,?,00000000,0000024C), ref: 004112A2
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                  • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                  • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                  • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                  • FindClose.KERNEL32(?), ref: 00411483
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: FindPrivateProfileString$File$ByteCloseFirstFormatNextSize
                                                  • String ID: 3401068$3401069$3401070$DefragTime$DefraggedFileCount$DG$LG$TotalDefraggedFileSize$`=$main
                                                  • API String ID: 295610168-2526466113
                                                  • Opcode ID: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                  • Instruction ID: 3dc56caefaff00a374a3ee75e2b4c31a72c5442d79c66a3b7d7afc40f3bd3104
                                                  • Opcode Fuzzy Hash: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                  • Instruction Fuzzy Hash: 6691A771244340AFD320DF21CC46FAB77E8AF88B14F108A2EF65DA71D1DAB56944CB5A
                                                  APIs
                                                  • CoInitialize.OLE32(00000000), ref: 004197EE
                                                  • CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                  • CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                  • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00419894
                                                  • CoUninitialize.OLE32 ref: 004198B6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Uninitialize$BlanketCreateInitializeInstanceProxy
                                                  • String ID: Caption$SELECT * from Win32_Volume$WQL
                                                  • API String ID: 3575674281-2330458756
                                                  • Opcode ID: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                  • Instruction ID: d51c13efc7a02c32f90284d818f56e509f551fc104d77d5da5b0aeb1152a1774
                                                  • Opcode Fuzzy Hash: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                  • Instruction Fuzzy Hash: 10A189766083449FC300EF59C890A9BB7E9EF88354F10491EF44997360D779ED89CBA5
                                                  APIs
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                  • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                  • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                  • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                  • FindClose.KERNEL32(?), ref: 00411483
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                  • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                  • API String ID: 2174522762-3670384684
                                                  • Opcode ID: 637e9459b825226f02b753a8a6ecd317c3f6f5394dd561357564af9cc347cd40
                                                  • Instruction ID: faa287cb98b21d4df2f3e2fa49730f9b90f221f68114e230af78a147129465c0
                                                  • Opcode Fuzzy Hash: 637e9459b825226f02b753a8a6ecd317c3f6f5394dd561357564af9cc347cd40
                                                  • Instruction Fuzzy Hash: 82516271204341AFE324DB21CD45FAF77E8AB88B04F10891EF64D972D1DA74A945CB6A
                                                  APIs
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                  • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                  • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                  • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                  • FindClose.KERNEL32(?), ref: 00411483
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                  • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                  • API String ID: 2174522762-3670384684
                                                  • Opcode ID: 32f377f5775842a14210629ecb5cba280cca974c36c24aed09cdb2c69e2afdbd
                                                  • Instruction ID: 01dd7cb33c618876df907d584398aa6540e784f12a7d1eb18dd06df18f62a64b
                                                  • Opcode Fuzzy Hash: 32f377f5775842a14210629ecb5cba280cca974c36c24aed09cdb2c69e2afdbd
                                                  • Instruction Fuzzy Hash: BB516171204341AFE324DB21CD45FAF77E8AB88B04F10891EF54D972D1DA74A945CB6A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4=<L$L$L$W$a$a$b$d$i$o$r$r$y
                                                  • API String ID: 0-2781798036
                                                  • Opcode ID: b1102e286251f19a28e9064dd11fb4d3a89d2e268c6337ecdf70966ab71fc966
                                                  • Instruction ID: 3fb8b1fdf5efa5cf30c22af220761d3733633f07fd0d7383c662e877aeac4e55
                                                  • Opcode Fuzzy Hash: b1102e286251f19a28e9064dd11fb4d3a89d2e268c6337ecdf70966ab71fc966
                                                  • Instruction Fuzzy Hash: 73D1C1B1E041588BF7248B20DC44BEAB7B5EF95300F1481EAE84D97281DA795FC1CF56
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BA>E$L$L$W$a$a$b$d$i$o$r$r$y
                                                  • API String ID: 0-2681882137
                                                  • Opcode ID: 983136dbdfcc80c790b9fe17efe34583c8a4e40a9e3609365c1fb8f1ee38146c
                                                  • Instruction ID: 54723bb0205ab12fddb2e25d06c75164652fbf28e159cff20cd36f4f6b651289
                                                  • Opcode Fuzzy Hash: 983136dbdfcc80c790b9fe17efe34583c8a4e40a9e3609365c1fb8f1ee38146c
                                                  • Instruction Fuzzy Hash: A591A661D086A8CEFB218624CC447EA7AB5FF91704F1481FAD48C67682D7BD0EC58F66
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021877282.000000000056B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                  • API String ID: 0-4069139063
                                                  • Opcode ID: 0f229724efb8f40dff89b039ac9cd7f56fdb4f4dd09b269f0ed9e75b3c05fa5c
                                                  • Instruction ID: c116815d50dcff18a90afe484e8afeb1e872ea29c596737365fddc82defd9927
                                                  • Opcode Fuzzy Hash: 0f229724efb8f40dff89b039ac9cd7f56fdb4f4dd09b269f0ed9e75b3c05fa5c
                                                  • Instruction Fuzzy Hash: E7F190B1D045689AE7208B24DC44BEABA75FF95310F1480FAD84DAB280E7795FC5CF62
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,00421955), ref: 00419D9A
                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,00421955), ref: 00419DA1
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00419DB7
                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00421955), ref: 00419DC6
                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 00419E04
                                                  • CloseHandle.KERNEL32(00000000), ref: 00419E13
                                                  • CloseHandle.KERNEL32(00000000), ref: 00419E24
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle$ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                  • String ID: SeShutdownPrivilege
                                                  • API String ID: 1280518032-3733053543
                                                  • Opcode ID: da0e7d1861009587fb01dbe4e0b9d2093fea7a0ac8dcd4d1a170a0e53db07ebf
                                                  • Instruction ID: d07024e087d9fbb4da489035f39631b0ffcbbc48e9dced30be6a628d6d85d024
                                                  • Opcode Fuzzy Hash: da0e7d1861009587fb01dbe4e0b9d2093fea7a0ac8dcd4d1a170a0e53db07ebf
                                                  • Instruction Fuzzy Hash: D91130B5208300ABD314DFA4DC89B5B77E4BB88B00F80882CF54DC6290E778D8C48B5A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $>
                                                  • API String ID: 0-4162622711
                                                  • Opcode ID: 8cfb89d91ac5ebe87410a0dc08d40f2a0795454abd0e21a2348a14a75c83b48c
                                                  • Instruction ID: ab613082dd5abe8ce957bb114a2766d0e8ed38c9df93d9e2be8208bb24206897
                                                  • Opcode Fuzzy Hash: 8cfb89d91ac5ebe87410a0dc08d40f2a0795454abd0e21a2348a14a75c83b48c
                                                  • Instruction Fuzzy Hash: 5432C1705087419BC339DF24C950BEBB7E5FF99300F04492EE99A872A0E7789945CB5B
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,00421972), ref: 0041E100
                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,00421972), ref: 0041E107
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041E124
                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 0041E148
                                                  • GetLastError.KERNEL32 ref: 0041E14E
                                                  • ExitWindowsEx.USER32(00000001,80020003), ref: 0041E16E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                  • String ID: SeShutdownPrivilege
                                                  • API String ID: 107509674-3733053543
                                                  • Opcode ID: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                  • Instruction ID: ff8bdaaac48f1339d689247c0ac3bb4d0c15d19762690cb1fcb66aa4c131ddab
                                                  • Opcode Fuzzy Hash: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                  • Instruction Fuzzy Hash: 7301FC35644310BFE3109BA8DC49B9B7698BB44B04F40482DFD4DE6191D77499408BDA
                                                  APIs
                                                  • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?), ref: 0045A8C2
                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A915
                                                  • FindFirstFileW.KERNEL32(?,?,?,?,?), ref: 0045A955
                                                  • FindClose.KERNEL32(00000000,?,00000000,00000000,00000001,?,?,?), ref: 0045A9AA
                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A9CE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: DiskFreeSpace$Find$CloseFileFirst
                                                  • String ID: %c:\
                                                  • API String ID: 281833627-3142399695
                                                  • Opcode ID: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                  • Instruction ID: 5c1349d2b4a299dbbed6192556f5b370b8187b703f81d55d5c722b9a40b8fb44
                                                  • Opcode Fuzzy Hash: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                  • Instruction Fuzzy Hash: A071FBB55057019FD314DF64D988BABB7E4FF98711F008A2EE89A87390E734A848CF56
                                                  APIs
                                                  • IsIconic.USER32(?), ref: 0041F916
                                                  • SendMessageW.USER32(?,00000027,?,00000000), ref: 0041F937
                                                  • GetSystemMetrics.USER32(0000000B), ref: 0041F945
                                                  • GetSystemMetrics.USER32(0000000C), ref: 0041F94B
                                                  • GetClientRect.USER32(?,?), ref: 0041F958
                                                  • DrawIcon.USER32(?,?,?,?), ref: 0041F989
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MetricsSystem$ClientDrawIconIconicMessageRectSend
                                                  • String ID:
                                                  • API String ID: 2166663075-0
                                                  • Opcode ID: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                  • Instruction ID: c07e6ffc6c3a7e6482c06200d306031f545548e1037b46c62c472d77c4aae73d
                                                  • Opcode Fuzzy Hash: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                  • Instruction Fuzzy Hash: AE3158712086019FD324DF38C989BABB7E8FB88710F144A2EE19A93290DB74E845CB55
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00020028,?), ref: 00419CFD
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00419D04
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00419D1E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Process$CurrentLookupOpenPrivilegeTokenValue
                                                  • String ID:
                                                  • API String ID: 3639550587-0
                                                  • Opcode ID: 7148b218a58efe162156a67a36f4013a52d7ca8231e1dbe32e75ae0325f5605e
                                                  • Instruction ID: f3d016862a4d3342d6fd7035e13c423cea38e9027ddeccfb2464269e0ea5178e
                                                  • Opcode Fuzzy Hash: 7148b218a58efe162156a67a36f4013a52d7ca8231e1dbe32e75ae0325f5605e
                                                  • Instruction Fuzzy Hash: 73015275644301AFE314CFA5DC89B6BB7E8FB88B05F80492CF54DC2290E774D9848B56
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
                                                  • FindNextFileW.KERNEL32(?,00000003,?), ref: 00463410
                                                  • FindClose.KERNEL32(?), ref: 0046342D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Find$File$CloseFirstNext
                                                  • String ID: %s%s\$%s*
                                                  • API String ID: 3541575487-790581550
                                                  • Opcode ID: 299fa53831f00350431557c8593a3fc536372945f534859870c8437012aa5de1
                                                  • Instruction ID: c3493345b0c0ceefe68b50463acd725d1f8c1e028979316797af0ed8e7acec35
                                                  • Opcode Fuzzy Hash: 299fa53831f00350431557c8593a3fc536372945f534859870c8437012aa5de1
                                                  • Instruction Fuzzy Hash: BC71B5711083809FC720EF64C884A6BB7E5FB89314F444A6EF85997391E734EA45CB57
                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32 ref: 00473B49
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00473B5E
                                                  • UnhandledExceptionFilter.KERNEL32(0047CF54), ref: 00473B69
                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00473B85
                                                  • TerminateProcess.KERNEL32(00000000), ref: 00473B8C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                  • String ID:
                                                  • API String ID: 2579439406-0
                                                  • Opcode ID: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                  • Instruction ID: 5fbb9a2fc2dc4524adccc28e56c0de5744acadb4307870d4d3e04b8eaaabc2f4
                                                  • Opcode Fuzzy Hash: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                  • Instruction Fuzzy Hash: E421E3B8828204DFC700DFA5FC856853BA4FB28329F5040BBE80D87762E77466848F5D
                                                  APIs
                                                  • GetSystemTimeAsFileTime.KERNEL32 ref: 0041C29B
                                                  • SHFormatDateTimeW.SHLWAPI(?,00000002,00000000), ref: 0041C2C8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Time$DateFileFormatSystem
                                                  • String ID: DiskDefrag\AutoDefragmention$LastDefragmention
                                                  • API String ID: 750415452-3598614746
                                                  • Opcode ID: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                  • Instruction ID: a0b1e6286b276bc7d887fd98d5a7f5957222b11053583dbd66c01ec11ac0fb83
                                                  • Opcode Fuzzy Hash: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                  • Instruction Fuzzy Hash: E4115276508701DFD300EF54DD85B9A7BE4FB48720F404A2EF156C22E1EB74A548CB56
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(?,00415169), ref: 004150B0
                                                  • LoadLibraryW.KERNEL32(?), ref: 004150C1
                                                  • GetProcAddress.KERNEL32(00000000,ImageList_Draw), ref: 004150DB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                  • String ID: ImageList_Draw
                                                  • API String ID: 310444273-2074868843
                                                  • Opcode ID: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                  • Instruction ID: 64c332f81b35f2aaac3873e7666c404af8577304093a8f0924de00557a4645c6
                                                  • Opcode Fuzzy Hash: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                  • Instruction Fuzzy Hash: 62F0D474601B01CFD7608FA9D988A43BBE4BB58715B50C82EE59AC3A00D778F480CF04
                                                  APIs
                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?,?,?,00462FCF,?), ref: 00463797
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: DiskFreeSpace
                                                  • String ID: C:\
                                                  • API String ID: 1705453755-3404278061
                                                  • Opcode ID: caa803cb6983296de5ee153f39e565eadd17667fad978c7f1401b26cac8d0a89
                                                  • Instruction ID: 3d361454ac5cdfa27015c84eaa1fed5b08bb663ce5d8b65a2c27fb38a1a831b9
                                                  • Opcode Fuzzy Hash: caa803cb6983296de5ee153f39e565eadd17667fad978c7f1401b26cac8d0a89
                                                  • Instruction Fuzzy Hash: 4811C5B69087019FC354DF69D98599BB7E4BF9C700F008A2EF4AE83250E731A548CF96
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,00000003), ref: 0046300E
                                                  • FindClose.KERNEL32(00000000), ref: 0046301E
                                                    • Part of subcall function 004631F0: FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Find$FileFirst$Close
                                                  • String ID:
                                                  • API String ID: 2810966245-0
                                                  • Opcode ID: ac525a0fc5c95755cc08b111d521eb121ac2ef7f5b05646f188b6f13116b70e9
                                                  • Instruction ID: 9b1d8f8ee81afef67cdd5002a011b417e39822a31e6c33f357b0cfbac9d9b473
                                                  • Opcode Fuzzy Hash: ac525a0fc5c95755cc08b111d521eb121ac2ef7f5b05646f188b6f13116b70e9
                                                  • Instruction Fuzzy Hash: A38161711083819FC314DF14D988AABBBE8FFD9715F000A2EF59A83291DB749948CB67
                                                  APIs
                                                  • DeviceIoControl.KERNEL32(?,00090064,00000000,00000000,?), ref: 00460093
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004600C0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ControlDeviceUnothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID:
                                                  • API String ID: 9847766-0
                                                  • Opcode ID: 41a6657a76e6a11c21828465e7547c488e33e83233d3adc9080a9250c0d0e56d
                                                  • Instruction ID: b288529985f008a1a54ef72dbef53761962e394cc992aae83e13a0fae47ca317
                                                  • Opcode Fuzzy Hash: 41a6657a76e6a11c21828465e7547c488e33e83233d3adc9080a9250c0d0e56d
                                                  • Instruction Fuzzy Hash: 40F09CB5254B01AFD324CF55D841F53B7F9AB88B04F104A1DB68A87680D775F814CB55
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: CPUIdleTime$DefragmentedFiles
                                                  • API String ID: 0-2316729871
                                                  • Opcode ID: fa926da56835dab94863fbd5844e43ac5abbff677069c9f91eade4e4ae1bbaa6
                                                  • Instruction ID: 4265ec7a2905381e87a2c1842474841a06b16d7d686af1bc121e8bda833e767f
                                                  • Opcode Fuzzy Hash: fa926da56835dab94863fbd5844e43ac5abbff677069c9f91eade4e4ae1bbaa6
                                                  • Instruction Fuzzy Hash: 07A1D561D086A48AFB218624DC48BDBBBB5EF51314F0880F9D48C67282D67E5FC5CF66
                                                  APIs
                                                  • GetProcessHeap.KERNEL32 ref: 00474063
                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00474074
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Heap$FreeProcess
                                                  • String ID:
                                                  • API String ID: 3859560861-0
                                                  • Opcode ID: 41a9c3f869f20d536b5df22bbdb68c6f72c4f4a03b7167ff54cc11ecf120ab97
                                                  • Instruction ID: 0e5b393c9cfaccf242b34e640deb84f37198d475fe7bd5f1c49fe5a9f1fc366a
                                                  • Opcode Fuzzy Hash: 41a9c3f869f20d536b5df22bbdb68c6f72c4f4a03b7167ff54cc11ecf120ab97
                                                  • Instruction Fuzzy Hash: BDF05E716002405BD7209FA5D848FA3779C9F85350F04C12EE65D873A1DB79E881CB99
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BA>E
                                                  • API String ID: 0-645006911
                                                  • Opcode ID: bc4fa643debbf4bcd5537b7a557a8f701e400dfbe1eedd3fd2a4ae9e9655e5b1
                                                  • Instruction ID: 2c00498287cb6a033ded8a03b3806c498bcf30c90e87e8c3b9fed7f2d9614b28
                                                  • Opcode Fuzzy Hash: bc4fa643debbf4bcd5537b7a557a8f701e400dfbe1eedd3fd2a4ae9e9655e5b1
                                                  • Instruction Fuzzy Hash: E822ABB1D046288FFB248A14CC94BEAB7B6FB84314F1481FAD84DA6281D7785EC5CF56
                                                  APIs
                                                  • IsIconic.USER32(?), ref: 00420B4C
                                                    • Part of subcall function 00420970: GetWindowRect.USER32(?,?), ref: 004209E6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: IconicRectWindow
                                                  • String ID:
                                                  • API String ID: 3467660236-0
                                                  • Opcode ID: 6369986c62335c2f169f127993e99def2b7867e344ea96c29496c685a54ad688
                                                  • Instruction ID: f9d6239d05f36fe70fa0ff212e7df7f15f460ae1a1a005da7839878c6ec85a4b
                                                  • Opcode Fuzzy Hash: 6369986c62335c2f169f127993e99def2b7867e344ea96c29496c685a54ad688
                                                  • Instruction Fuzzy Hash: 58E012723002348BD7319B65A444B9736E87B04788F8445EFA045C71B2D768E884C65C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: <>OK
                                                  • API String ID: 0-597924685
                                                  • Opcode ID: f3d557e2cc55acc22ac23534bdcefee3bf607215e7d3991af6010be74ceb7976
                                                  • Instruction ID: c33b91dd0c826d43d63d31094c99de62a084a914c3105ccc756c55205d07e21c
                                                  • Opcode Fuzzy Hash: f3d557e2cc55acc22ac23534bdcefee3bf607215e7d3991af6010be74ceb7976
                                                  • Instruction Fuzzy Hash: 2D919BB0D042688FEB64CB14CC857EEBBB1FB55304F1481EAD44D66282D7796EC58F26
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 61b293b4d2318e6fb07c8c4eef3d6c9a48d98c8c6761d6c11cafb8eed7a235a9
                                                  • Instruction ID: bd41e2cbef2c911b19377e8b6f425b11a959b284f14bf86eebf085987e07593c
                                                  • Opcode Fuzzy Hash: 61b293b4d2318e6fb07c8c4eef3d6c9a48d98c8c6761d6c11cafb8eed7a235a9
                                                  • Instruction Fuzzy Hash: B512DDB1D045698BEB24CB15CC80BEABBB5FF81315F1481EAD84D67281D6385EC2CF96
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 59cfc53ef90b2254810d4a5621bec8ebc2375744dd978962e8105de0f0a05330
                                                  • Instruction ID: 58137c758735a57be00be8ce86c674a41732069789811a520f33af7333796763
                                                  • Opcode Fuzzy Hash: 59cfc53ef90b2254810d4a5621bec8ebc2375744dd978962e8105de0f0a05330
                                                  • Instruction Fuzzy Hash: 4502AFB1D092189BF724CB15DC85AEAB775EF84310F1081FAE80DA7281E7795EC2CB56
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 44396e552c1f7e86b32c03ff0208ce65e15dfd18c42d6523e97e56fa52d1e800
                                                  • Instruction ID: c50d6017e01669eee6c567765ef00a81d094629d143012ca658501a2b3810aaa
                                                  • Opcode Fuzzy Hash: 44396e552c1f7e86b32c03ff0208ce65e15dfd18c42d6523e97e56fa52d1e800
                                                  • Instruction Fuzzy Hash: A9127AB1D045288FEB24CB14CC94BEAB7B1EB85304F1481EAE84966382E7786FC5CF55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0b34a762273ee061f80794f33739c3cc353d830de765f92d5b592b254d211972
                                                  • Instruction ID: ae16511d812dce30284fc28f53d3677ab0b889c9d5b74ea87153ecd8ed8226aa
                                                  • Opcode Fuzzy Hash: 0b34a762273ee061f80794f33739c3cc353d830de765f92d5b592b254d211972
                                                  • Instruction Fuzzy Hash: 78F1ACB1D046688FFB24CB14CC94BEABBB4FB94305F1481EAD84D66281DA789EC5CF51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9327b1a9ca0b0f3421943ea25b52ddc984c045294be308b07f9f173cece4f42a
                                                  • Instruction ID: 6db451eb5f9548dd8e5b20c4fc8264e12c907e5043b7ceca97ba3b0fed8b38bd
                                                  • Opcode Fuzzy Hash: 9327b1a9ca0b0f3421943ea25b52ddc984c045294be308b07f9f173cece4f42a
                                                  • Instruction Fuzzy Hash: C8F1ABB1D042289BEB24CA14CC90AEBB7B5EF85311F1481EAD80D67785E7395EC2DF46
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 91fd7660e28522a05e641110b8f188fd5d9be9c1e7a0f45e1ec1835d4457473a
                                                  • Instruction ID: 404bbff9f629b959c7294fde3c222c8045b9ffebb70311b9f935718f0f61a6fc
                                                  • Opcode Fuzzy Hash: 91fd7660e28522a05e641110b8f188fd5d9be9c1e7a0f45e1ec1835d4457473a
                                                  • Instruction Fuzzy Hash: 67E19BB1D045698FEB24CB24CC90BEBB7B5EF85304F1481FAD80967641DA389ECA8F55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6a976ae8e255a8422b152b5e609f9052bf7d9cb7f75a2a80e51f88550ebebbd0
                                                  • Instruction ID: f49022c6301bf6fc3e4f6537bf76f5ae821ce0a1231060156b25b3e9786f84da
                                                  • Opcode Fuzzy Hash: 6a976ae8e255a8422b152b5e609f9052bf7d9cb7f75a2a80e51f88550ebebbd0
                                                  • Instruction Fuzzy Hash: 0AD130B1D041588AFB248A15DC987FFBBB2EF91304F1480BBD84966290D77D1EC6CB66
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0c3be9420b988c6fc1dd2a0e4b03e872e165893051f06ec04f2359d8f9610d75
                                                  • Instruction ID: 5a79d8bf956c0bdc7ceaa8171fcd947b092d60c7374ac7110e042767ed19d3c7
                                                  • Opcode Fuzzy Hash: 0c3be9420b988c6fc1dd2a0e4b03e872e165893051f06ec04f2359d8f9610d75
                                                  • Instruction Fuzzy Hash: B6C1CDB1C041688FFB24CB14CC45BEABBB5EB85314F0481FAD84DA6280D7B91EC58F96
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: de516dabd129fd56f26a91dbbeb69703f98c842e1e46bec721eab91faeda68e8
                                                  • Instruction ID: dcf7698ca455f4904f067c27e7b1d18c97ccab95eafbacc57233ef9efd1f90ac
                                                  • Opcode Fuzzy Hash: de516dabd129fd56f26a91dbbeb69703f98c842e1e46bec721eab91faeda68e8
                                                  • Instruction Fuzzy Hash: 9DB102B2C041688AFB248B15DC44BFBBBB4FB84310F1481FAD84DA6681D67C5EC58F66
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3e3b06751aff5d0b64acc5ef7e4dd941fcc30c42268abf1d704d0d41565f78bd
                                                  • Instruction ID: 02f722651d388241de9f6802ec3b0a1478efcb7e0cd31901add9f61787811e57
                                                  • Opcode Fuzzy Hash: 3e3b06751aff5d0b64acc5ef7e4dd941fcc30c42268abf1d704d0d41565f78bd
                                                  • Instruction Fuzzy Hash: 47D1ACB0D052A88FEB20CB14CC90BEABBB5EF86301F1481EAD449A7641D3795ED5CF56
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 70ed945a8b96f81049037df7d854d2f73b80e2b29cfe25cc39e8835a63a9b885
                                                  • Instruction ID: 69d76c261a118cad1e89766cd718f7f2fe3f9fc397caf99c49cf359dc5304d4a
                                                  • Opcode Fuzzy Hash: 70ed945a8b96f81049037df7d854d2f73b80e2b29cfe25cc39e8835a63a9b885
                                                  • Instruction Fuzzy Hash: 94B1EFB1D042689EEB208B10DC847EAB7B5FF91314F0481FAD84D66281E7785EC6CF66
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
                                                  • Instruction ID: 5f65285439b790b28c0d3b905ad07066762363c037cdec378342d8cce10f23cf
                                                  • Opcode Fuzzy Hash: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
                                                  • Instruction Fuzzy Hash: 37B129316106099FD725CF28C48AB697FA0FF45364F298A58E89ACF2E1C375E991CB40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ab7d670791ae4365e93746358c7d7109ef997f694f4916dfee5c18d747a51107
                                                  • Instruction ID: 648013c8afd17356fdfcbdf9dd08b093be654ef96ce46dfb7415a146451040d1
                                                  • Opcode Fuzzy Hash: ab7d670791ae4365e93746358c7d7109ef997f694f4916dfee5c18d747a51107
                                                  • Instruction Fuzzy Hash: 4B9115B2D042248AF7248B55DC94AFFBB75EF81314F1441BAD90DA7680E27D5BC2CB52
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0be59ca6b2f2039c826c70fa3ee521fc9fd7b0f6f41babc8eb3bde99fe63a6bf
                                                  • Instruction ID: 8e15065f8c29d1b7cf8f908b489aa1ce7d06ff39181f95b59b8a9dc98161aceb
                                                  • Opcode Fuzzy Hash: 0be59ca6b2f2039c826c70fa3ee521fc9fd7b0f6f41babc8eb3bde99fe63a6bf
                                                  • Instruction Fuzzy Hash: FBA135A2C041698AF7208A24DC44BFBBBB4EF95310F14C1FAD84DA6681D67C5EC58F62
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 75d5d1cd00b498bee3353d302e6bdd1359f69ffa36d20e2762f60e069feb5e59
                                                  • Instruction ID: 84c568042ea740d0497574be8e3a2bb167ffc2893a13ce7bca37e6f216cd2c6f
                                                  • Opcode Fuzzy Hash: 75d5d1cd00b498bee3353d302e6bdd1359f69ffa36d20e2762f60e069feb5e59
                                                  • Instruction Fuzzy Hash: 87B1D0B1D041688EEB208B14CC447FABBB5FB92304F1581EAD48D66280E7BD5ED6CF56
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 833ce9a755739b3d62ead75d107e496432158e00a4eba1d80654f11eedcfd977
                                                  • Instruction ID: 244e05ece963da1a38c0e5fa4cb79f43e81cd47651011a0f8d1eea5a4a60868d
                                                  • Opcode Fuzzy Hash: 833ce9a755739b3d62ead75d107e496432158e00a4eba1d80654f11eedcfd977
                                                  • Instruction Fuzzy Hash: 0291D6B2D052689EF7208A10DC85BEB7BB4EB91310F0481FAD84D56681D77D5FC68FA2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ecaf1ad0e23fe9d4c4b5b6de1f1f563f54fd8fab33c33a21530b3e583bc3873b
                                                  • Instruction ID: 26f52f55ea8009497c1629c36fd35984153c8396abb75ee90bb0e65b0dcd7fd8
                                                  • Opcode Fuzzy Hash: ecaf1ad0e23fe9d4c4b5b6de1f1f563f54fd8fab33c33a21530b3e583bc3873b
                                                  • Instruction Fuzzy Hash: 7F8102B2D006289BF7288B24DC55AEB7778EB45310F1441BBE90D96340E67D6EC6CB62
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e5d950625dfdf640028428f614887e8a073b28c63e551c84bed3fef4cc434617
                                                  • Instruction ID: fffa25d9ed95aa02f54a2d07350e27317f5c64316ea1e982baae0018db2fe669
                                                  • Opcode Fuzzy Hash: e5d950625dfdf640028428f614887e8a073b28c63e551c84bed3fef4cc434617
                                                  • Instruction Fuzzy Hash: 3CA16BB1E051688BEB24CB15CC90BEABBB6FB85304F1441EAD80967751D3385EC2CF55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dad1483944e8b7f4b760ff7b42054973d63bc9cfb558d6319e843012de63416c
                                                  • Instruction ID: 39baa7ecb548adf3eebcacbf4b6c6ae812223bec3dc1b8de94ddffb161ba2bde
                                                  • Opcode Fuzzy Hash: dad1483944e8b7f4b760ff7b42054973d63bc9cfb558d6319e843012de63416c
                                                  • Instruction Fuzzy Hash: ED8106B3C101155BF72CCA24DD9AAFABB79EB90314F1481BAE90E965C0D67C5FC18E11
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a4f547e71b125a6b6e37e54dbd600087e1d5741189a0658d4e478ad8bfa5406
                                                  • Instruction ID: 40f4e9cd9ecf4b0cbed5e27e33eb849b9cfbf4d2390a650bd70055c72f032f5d
                                                  • Opcode Fuzzy Hash: 2a4f547e71b125a6b6e37e54dbd600087e1d5741189a0658d4e478ad8bfa5406
                                                  • Instruction Fuzzy Hash: 048129A2D045698AFB248A15CC447FFBBB6FB91310F1480FAD84D66290D77C1FC68B66
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2df3b25c8ea000ef73fa376597666a704dd14261ffccec2a240dce52f8d75e3f
                                                  • Instruction ID: 1689e58ec8e40555f2a099487ffb8408806ee8751f9aa67b244c681ff50812eb
                                                  • Opcode Fuzzy Hash: 2df3b25c8ea000ef73fa376597666a704dd14261ffccec2a240dce52f8d75e3f
                                                  • Instruction Fuzzy Hash: 647137B2D002155FF728CA14DC9AAEEBB78EB91314F0541FBE80D96580D67C6BC6CE12
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 40beeaf08903f0290288a70d6b68255c36ab06b113f4c1345ca128c57671ebb6
                                                  • Instruction ID: a6b6c69713712a42ff9771648aca4834d9055319203609ebc5695f1379afe334
                                                  • Opcode Fuzzy Hash: 40beeaf08903f0290288a70d6b68255c36ab06b113f4c1345ca128c57671ebb6
                                                  • Instruction Fuzzy Hash: 71A12870D056688FEB29CF14CD90AEABBB1BF45305F1481EAD80D67396D6349E82CF44
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f99e7d7a1f8ec4b25e6820db758fd0f727168853d311cef368a75a82e5c42102
                                                  • Instruction ID: 5bc6d1bcff9bf637e84cd92b2a6d212a66c056f7d1ca83484e407d64f03e3632
                                                  • Opcode Fuzzy Hash: f99e7d7a1f8ec4b25e6820db758fd0f727168853d311cef368a75a82e5c42102
                                                  • Instruction Fuzzy Hash: BB6124B2D012156BF728CA14DC9AAEFBB78EB91310F0580BBE90E566C0D67C5BC1CD12
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d9e79440f66d82215e08040ae7b8cff21076937fa3b49343ed833c782c7ae4c5
                                                  • Instruction ID: 4b40686df5592011ce3365f543d7e93e86e37f72a72bbbcbf8b0f20b7cbb4b24
                                                  • Opcode Fuzzy Hash: d9e79440f66d82215e08040ae7b8cff21076937fa3b49343ed833c782c7ae4c5
                                                  • Instruction Fuzzy Hash: B761F4B3D102255BE72CCA24DD9AAEABB79EB50314F1481BAE90E5A1C0D67C5FC5CE01
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2686c84798ca998dd7cfa2d2082addd421210205b368e354e751dd8ad3d32f37
                                                  • Instruction ID: 2697c3d3f5c5bfd5fba1f8daeb6a2f076d6ec646bdadcf6004c7553db967bf9b
                                                  • Opcode Fuzzy Hash: 2686c84798ca998dd7cfa2d2082addd421210205b368e354e751dd8ad3d32f37
                                                  • Instruction Fuzzy Hash: DB6103B2D001156BF728CA14DC9AAFEBB79EB90314F1581BFE90E56680D67C5BC1CE12
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 37a845acafdd0a29ac4c7b4074831a14cfc1b68a9bc777fe8afbf7e527c5d603
                                                  • Instruction ID: deddecd41c2fa19f73ecc9b8d8d9d00bd04aa73390d5133298caa82c90daff75
                                                  • Opcode Fuzzy Hash: 37a845acafdd0a29ac4c7b4074831a14cfc1b68a9bc777fe8afbf7e527c5d603
                                                  • Instruction Fuzzy Hash: A45135B2D142258BE7348A14DC40BEBBBB4EB41315F0481FBD80D67A81D63C6EC98F92
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6684b24350b44f05ccec653d0781f8fe7a5bdaac947e2c330c1d5919653e79bd
                                                  • Instruction ID: 3c11b29ef80cba295704405448227358a0886f855df376c0ceffec62aa5442e1
                                                  • Opcode Fuzzy Hash: 6684b24350b44f05ccec653d0781f8fe7a5bdaac947e2c330c1d5919653e79bd
                                                  • Instruction Fuzzy Hash: 6B6106B3D102155BE72CCA14DD9AAEABB79EB50314F0481BBE90E5A1C0D6BC5FC1CE01
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 193ee71bb4219eb56612ecd312c4419e302a5ed9f49001b7e0465b3d0f90fd54
                                                  • Instruction ID: 1e6ae11eecee1b83898ede065f6c0902e16aff3f515b9f00e4b9fb02dc7855d5
                                                  • Opcode Fuzzy Hash: 193ee71bb4219eb56612ecd312c4419e302a5ed9f49001b7e0465b3d0f90fd54
                                                  • Instruction Fuzzy Hash: 51519DB1A002058FEB25CF65D9997AEBBF0FB48350F25847AC805EB2A0D3749D84CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0a206cb3c957c46cb7273b6480975c447422fde24a0f35ab24bd71ad5306757c
                                                  • Instruction ID: 1badcda8b0e2eab407895870587e2864906d07c188596678f8c46e97445a98bf
                                                  • Opcode Fuzzy Hash: 0a206cb3c957c46cb7273b6480975c447422fde24a0f35ab24bd71ad5306757c
                                                  • Instruction Fuzzy Hash: F551E8B1C085688EFB208615CC447EBBBB5EB51301F1480FBD84D66291C77C1EC98FA6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6a7183b77312226af36b009482c7b04464dd371dcf658fdc324afddd451580bc
                                                  • Instruction ID: f996fd0297d356f7ff9e8fc78c1b5c7d11a6f1931723a71c1bb443dca88dca47
                                                  • Opcode Fuzzy Hash: 6a7183b77312226af36b009482c7b04464dd371dcf658fdc324afddd451580bc
                                                  • Instruction Fuzzy Hash: 6D51F6B2D052158FE728CF24CE85ADABBB6EB95304F05C1EED40DA7685C734AB85CE41
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8aa6faefc4d1fe1794716a70d3d892491f7bf9dd4bbf7cdf2654cf0f31b25e18
                                                  • Instruction ID: ade615a21a985f36af2b69a9ca14a6891f22190c22624a891bf398d2a657438f
                                                  • Opcode Fuzzy Hash: 8aa6faefc4d1fe1794716a70d3d892491f7bf9dd4bbf7cdf2654cf0f31b25e18
                                                  • Instruction Fuzzy Hash: 4A41B3B2D052649FE728CA24CDD5ADFBBB5EB84304F1081FAE409A7284C7785BC5CE41
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dc8fab578d26ae280e5a371ba6263eff5d2ee102e577d996c3397e258968f6ef
                                                  • Instruction ID: 25f691dd9f4b04871031b08211d0b3aff43497b52775273811143d25c2d92c00
                                                  • Opcode Fuzzy Hash: dc8fab578d26ae280e5a371ba6263eff5d2ee102e577d996c3397e258968f6ef
                                                  • Instruction Fuzzy Hash: 0211C933769A1007E76C843C58523AB418743E5738F298B2FA936C63E8E97DCD42515E
                                                  APIs
                                                    • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                    • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,75BFAF60), ref: 0041DB8A
                                                  • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                  • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                    • Part of subcall function 0041A9B0: SHGetFileInfoW.SHELL32(%SystemRoot%,00000040,000002B4,000002B4,00004011), ref: 0041A9DA
                                                  • SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                  • LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                  • SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                  • SendMessageW.USER32(00000000,00000405,00000001,00000000), ref: 00402370
                                                    • Part of subcall function 00402590: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                  • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004023B9
                                                    • Part of subcall function 00402660: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$BitmapDriveDrivesFileInfoLoadLogicalType
                                                  • String ID: 3402003$3402041$3402043$3402046$3402047$3402048$CPUIdleTime$CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention$LastDefragmention$tG
                                                  • API String ID: 3599163918-2734650818
                                                  • Opcode ID: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                  • Instruction ID: bcfd938aa366970316b1685172ea95c37501a647d75b412e58de97171c7dff61
                                                  • Opcode Fuzzy Hash: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                  • Instruction Fuzzy Hash: A4A1D9B17503006BD710FF618D86FAE36A89F44714F10892EF60E7B2D2DABCA844875E
                                                  APIs
                                                  • GetCursorPos.USER32(00000000), ref: 0042872A
                                                  • CreatePopupMenu.USER32 ref: 00428751
                                                  • AppendMenuW.USER32(?,00000000,00008022,00000000), ref: 0042878F
                                                  • AppendMenuW.USER32(?,00000000,00008027,00000000), ref: 004287BB
                                                  • AppendMenuW.USER32(?,00000000,00008028,00000000), ref: 004287E7
                                                  • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 004287F6
                                                  • AppendMenuW.USER32(?,00000000,00008023,00000000), ref: 00428822
                                                  • AppendMenuW.USER32(?,00000000,00008024,00000000), ref: 0042884E
                                                  • AppendMenuW.USER32(?,00000000,00008025,00000000), ref: 0042887A
                                                  • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 00428889
                                                  • AppendMenuW.USER32(?,00000000,00008026,00000000), ref: 004288B5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Menu$Append$CreateCursorPopup
                                                  • String ID: 10021$3401032$3401033$3401086$3401099$3401127$3401128
                                                  • API String ID: 2468982102-1766060818
                                                  • Opcode ID: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                  • Instruction ID: 3f46f92896953761dbd981ebaed820fc3143a3776dcc1953a56c74fff761f47c
                                                  • Opcode Fuzzy Hash: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                  • Instruction Fuzzy Hash: C9319DF5BD030076D2A066A58D57F9A76A99F84F00F31C80BB74E769C1CAECB4045BAD
                                                  APIs
                                                  • GetComboBoxInfo.USER32 ref: 00416520
                                                  • CreateCompatibleDC.GDI32(?), ref: 0041654D
                                                  • GetMapMode.GDI32(?,00000000), ref: 00416561
                                                  • GetClientRect.USER32(?,?), ref: 0041658E
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 004165AA
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004165D5
                                                  • OpenThemeData.UXTHEME(?,COMBOBOX,?,00FFFFFF,00000000,00000000), ref: 00416607
                                                  • DrawThemeBackground.UXTHEME(00000000,?,00000005,00000003,?,00000000), ref: 00416652
                                                  • DrawThemeBackground.UXTHEME(00000000,?,00000001,00000001,?,00000000), ref: 0041666C
                                                  • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00416673
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0041668C
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004166A3
                                                  • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004167D1
                                                    • Part of subcall function 00416DD0: CopyRect.USER32(?,?), ref: 00416E1C
                                                  • FrameRect.USER32(?,?,00000000), ref: 0041681A
                                                  • CopyRect.USER32(?,?), ref: 0041683E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: RectTheme$MessageSend$BackgroundCompatibleCopyCreateDataDraw$BitmapClientCloseComboFrameInfoModeOpen
                                                  • String ID: 4$COMBOBOX
                                                  • API String ID: 3327461832-2064896087
                                                  • Opcode ID: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                  • Instruction ID: 20267cedc47a1196732836afe1a8f8ceed4fa11fcf58e3e8436092e3fc6905d6
                                                  • Opcode Fuzzy Hash: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                  • Instruction Fuzzy Hash: 5BC138B1508300AFD314DF65C985FABB7E8BF88704F008A1EF58997291DB74E944CB96
                                                  APIs
                                                  • SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                  • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                  • SendMessageW.USER32(?,0000101E,00000001,0000FFFE), ref: 00432329
                                                  • SendMessageW.USER32(?,00000143,00000000,?), ref: 00432523
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402006$3402028$3402029$3402030$3402031$3402032$3402033$3402034$3402035$3402036$3402037$`=
                                                  • API String ID: 3850602802-2611688555
                                                  • Opcode ID: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                  • Instruction ID: 1f5745e592a7c845df3e12826af7c739e18eef66d9bd278cacb692334ad6c886
                                                  • Opcode Fuzzy Hash: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                  • Instruction Fuzzy Hash: B1A194B0B50301ABD310AF658D82FAE73A5AF48B04F10491FFA5EB76D1D7A8BD00965D
                                                  APIs
                                                  • GetObjectW.GDI32(?,0000005C,?), ref: 0040AEFA
                                                  • MulDiv.KERNEL32(?,?,00000048), ref: 0040AF5E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Object
                                                  • String ID: CharSet$ClipPrecision$Escapement$Italic$Name$Orientation$OutPrecision$PitchAndFamily$Quality$Size$StrikeOut$Underline$Weight
                                                  • API String ID: 2936123098-848768055
                                                  • Opcode ID: 581e2151a43bffb8372fa4f7334b51b32000fb86fe427fbed1d6e470a93a997b
                                                  • Instruction ID: 678cc5ad66024a4e3a2d6689a74d43ebfb952ff3fe0b92c748617c9598e0b8bb
                                                  • Opcode Fuzzy Hash: 581e2151a43bffb8372fa4f7334b51b32000fb86fe427fbed1d6e470a93a997b
                                                  • Instruction Fuzzy Hash: 2E021371508740DFD360DF61C984B5BB7F9EB88304F108A2EF98A87291D778A944CFA6
                                                  APIs
                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 004217C5
                                                  • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0042187C
                                                  • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 00421890
                                                  • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004218A6
                                                  • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 004218BC
                                                    • Part of subcall function 00421580: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,?,004217B6,?,675A81B8), ref: 004215AC
                                                  • GetTickCount.KERNEL32 ref: 004218F0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CountRedrawTickWindow
                                                  • String ID: 3401097$ScheduleStart$` Zt$`=
                                                  • API String ID: 1016491994-1829443342
                                                  • Opcode ID: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                  • Instruction ID: a2f7d2ab4a79c621e2b3341a28b2bdd177a5bb8c7450e01432b01053e343f094
                                                  • Opcode Fuzzy Hash: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                  • Instruction Fuzzy Hash: 2FB117717003119BC720EF64DCC5FAA77A5AF94710F50493EF9099B2E1DB78A844CBAA
                                                  APIs
                                                  • GdipGetImagePixelFormat.GDIPLUS(?,?), ref: 00401593
                                                  • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 004015F2
                                                  • GdipGetImageWidth.GDIPLUS(?,?,?,?,?,?), ref: 00401613
                                                  • GdipGetImagePaletteSize.GDIPLUS(?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040165A
                                                  • GdipGetImagePalette.GDIPLUS(?,00000008,?,80070057,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 004016CF
                                                  • GdipBitmapLockBits.GDIPLUS(?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040177B
                                                  • GdipBitmapUnlockBits.GDIPLUS(?,?,?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?), ref: 004017F1
                                                  • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00401817
                                                  • GdipGetImageGraphicsContext.GDIPLUS(?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?), ref: 0040182D
                                                  • GdipDrawImageI.GDIPLUS(00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?), ref: 00401840
                                                  • GdipDeleteGraphics.GDIPLUS(00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?), ref: 00401846
                                                  • GdipDisposeImage.GDIPLUS(?,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?), ref: 0040184C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Gdip$Image$Bitmap$BitsGraphicsPalette$ContextCreateDeleteDisposeDrawFormatFromHeightLockPixelScan0SizeUnlockWidth
                                                  • String ID: &$>=
                                                  • API String ID: 1279047860-1654677323
                                                  • Opcode ID: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                  • Instruction ID: 8a788743ff85fe53078408617ba339fa43619964413e8471535d34c3641ef31a
                                                  • Opcode Fuzzy Hash: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                  • Instruction Fuzzy Hash: 66A175B1E002059FDB14DF95D881AAFB7B5EF88304F14852EE919BB351D738E941CBA8
                                                  APIs
                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000000,00000328,?,00000000), ref: 00453F69
                                                  • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00453FDE
                                                  • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00454016
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328,00000000,00000000), ref: 00454026
                                                  • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00454057
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 00454066
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?), ref: 00454071
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 004540A7
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 004540D7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle$ControlDeviceErrorLast$CreateDiskFileFreeSpace
                                                  • String ID: C:\$\\.\C:
                                                  • API String ID: 4273481478-2866759028
                                                  • Opcode ID: 34a5edf5a5058048d5bcc646d78f8edc09eed289d58a581d59fe32c4679fd1ad
                                                  • Instruction ID: dcbbcf768856184cb3fb00598b231148ced9fb8d52ef67d3d26bd90cee913ac4
                                                  • Opcode Fuzzy Hash: 34a5edf5a5058048d5bcc646d78f8edc09eed289d58a581d59fe32c4679fd1ad
                                                  • Instruction Fuzzy Hash: CA616C72608300AFC310DF69D88196BF7E4FFD8711F804A2EF55987291EB759848CB96
                                                  APIs
                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00453C29
                                                  • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00453C9B
                                                  • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00453CD3
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0045B451), ref: 00453CE3
                                                  • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00453D14
                                                  • GetLastError.KERNEL32 ref: 00453D23
                                                  • CloseHandle.KERNEL32(00000000), ref: 00453D2E
                                                  • CloseHandle.KERNEL32(00000000), ref: 00453D64
                                                  • CloseHandle.KERNEL32(00000000), ref: 00453D94
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle$ControlDeviceErrorLast$CreateDiskFileFreeSpace
                                                  • String ID: C:\$\\.\C:
                                                  • API String ID: 4273481478-2866759028
                                                  • Opcode ID: f228107344c7f80b23727888f3ccfa0318b04976a6bc281055e8ce1e817f9b41
                                                  • Instruction ID: 4e319efc0b140ea32d15ab3920dd7af36ea307e7c4a1d425a09acf6eef36fbe0
                                                  • Opcode Fuzzy Hash: f228107344c7f80b23727888f3ccfa0318b04976a6bc281055e8ce1e817f9b41
                                                  • Instruction Fuzzy Hash: D9617BB2608300AFC314DF69DC8196BF7F4EFD8751F804A2EF55983251E77599088B9A
                                                  APIs
                                                  • IsWindow.USER32(004216E9), ref: 00422459
                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 004224AE
                                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 004224E0
                                                  • SetTimer.USER32(004216E9,00000001,000003E8,00000000), ref: 0042250F
                                                  • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00422558
                                                  • SendMessageW.USER32(?,00000401,00008013,00000000), ref: 0042256D
                                                  • SendMessageW.USER32(?,00000401,00008007,00000000), ref: 00422582
                                                  • SendMessageW.USER32(?,00000401,0000800C,00000000), ref: 00422597
                                                  • SetTimer.USER32(004216E9,00000064,00000064,00000000), ref: 004225A3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Timer$Window
                                                  • String ID:
                                                  • API String ID: 389327760-0
                                                  • Opcode ID: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                  • Instruction ID: a9acc03ce2714c2a1218ac3b36ef8cf29172f02598394e016a1efff805efb144
                                                  • Opcode Fuzzy Hash: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                  • Instruction Fuzzy Hash: 7C516170390B00ABE624EB75CC82FD6B395AF44B04F40851DB359AB2D1CBF6B8418B48
                                                  APIs
                                                  • CopyRect.USER32(?,?), ref: 0040ED30
                                                  • CreateCompatibleDC.GDI32(?), ref: 0040EDD3
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EDF9
                                                  • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 0040EE67
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040EE77
                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0040EEEE
                                                  • CopyRect.USER32(?,?), ref: 0040EF77
                                                  • SetRect.USER32(?,?,?,?,?), ref: 0040EFD9
                                                  • SetRect.USER32(?,?,?,?,?), ref: 0040F00C
                                                  • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0040F073
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Rect$CompatibleCopyCreateMessageSend$Bitmap
                                                  • String ID:
                                                  • API String ID: 2897418849-3916222277
                                                  • Opcode ID: 918371f1e30a1611824c586b15503814f3483ab0998594baaaceeb4de49a5514
                                                  • Instruction ID: af6e71f7250828e30cc2f680655b832ce69016c02ffdd7eabd90966ae28b2504
                                                  • Opcode Fuzzy Hash: 918371f1e30a1611824c586b15503814f3483ab0998594baaaceeb4de49a5514
                                                  • Instruction Fuzzy Hash: 5FC1F3B11083419FC324CF69C984B6BBBE9FF88704F108A2EF59993290DB74E945CB56
                                                  APIs
                                                  • LoadMenuW.USER32(00000000), ref: 00425C5A
                                                  • GetSubMenu.USER32(?,00000003), ref: 00425C85
                                                  • CheckMenuItem.USER32(?,00008029,00000008), ref: 00425DAB
                                                  • GetWindowRect.USER32(?,00000088), ref: 00425DBD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Menu$CheckItemLoadRectWindow
                                                  • String ID: 1003007$1003008$1003009$1003010$3401095$DefragFinish$DiskDefrag
                                                  • API String ID: 64815558-1687404023
                                                  • Opcode ID: ead8703bd85feaaf811e813f8d945daf84a0c683d4c383d215f8f4dd8e18e0af
                                                  • Instruction ID: 4418ca87599e6f793fb4d10bf028e48e6936bb9db45e74f47fa123fcf7e21ce3
                                                  • Opcode Fuzzy Hash: ead8703bd85feaaf811e813f8d945daf84a0c683d4c383d215f8f4dd8e18e0af
                                                  • Instruction Fuzzy Hash: 2151CAB1794701BAE350AB609C47FAB7268AB84B14F10C91FB75EB65C0CEFCA405875D
                                                  APIs
                                                  • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004159AA
                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00415AB2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402005$3402065$3402067$3402068$3402069$3402070$3402071$3402072$3402084
                                                  • API String ID: 3850602802-328498535
                                                  • Opcode ID: 19e8cdb6f5ee6091fff7530154948aa3e76a5209e14532d290abc9f16ea37a07
                                                  • Instruction ID: 1067327c746e147da740696a904bc1cbb70a89f86cbb7c2e495eb833b01c89ea
                                                  • Opcode Fuzzy Hash: 19e8cdb6f5ee6091fff7530154948aa3e76a5209e14532d290abc9f16ea37a07
                                                  • Instruction Fuzzy Hash: 36413CF0B907407AD260AF618D43FEA3268AF84F04F60C42FB70E765D1CAEC6905969D
                                                  APIs
                                                  • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 00417F45
                                                  • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 00417F5B
                                                  • SendMessageW.USER32(0047D9D0,00001001,00000000,?), ref: 0041804D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3401074$3401075$3401076$3401077$8<$DiskDefrag$Mid_Back_Color$Window
                                                  • API String ID: 3850602802-2758692112
                                                  • Opcode ID: a8722d59c07b94f6922f7548e3e672599eeab7783c23535719575370a0de5a5f
                                                  • Instruction ID: 56ac88722a8962ac1f975558d68bc042bced7a88e006b99efbc398d4c5261ff8
                                                  • Opcode Fuzzy Hash: a8722d59c07b94f6922f7548e3e672599eeab7783c23535719575370a0de5a5f
                                                  • Instruction Fuzzy Hash: B23156B07903007AE274EB258C83FEA72659F44B14F20452FB71E762D1CEF97844565C
                                                  APIs
                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0042C6CB
                                                    • Part of subcall function 0042D010: SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042D041
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: InvalidateMessageRectSend
                                                  • String ID: 3401007$3401034$3401035$8<$DiskDefrag$Frame_Color$Mid_Back_Color$Text_Color$Window$Window_Back_Gray_Color
                                                  • API String ID: 909852535-1675042175
                                                  • Opcode ID: 52757a301fae08faaa59b090e491993efb51acdf8729a0a5be35b6fc276aefa4
                                                  • Instruction ID: 43899c4dce7d941302b132538349e8bcafe351e88f225ab48a7149cde0acca41
                                                  • Opcode Fuzzy Hash: 52757a301fae08faaa59b090e491993efb51acdf8729a0a5be35b6fc276aefa4
                                                  • Instruction Fuzzy Hash: BD316F707907017BD260BAB58C43FEA76A4AF84B04F20891BB65EB75C1CAF874419B9C
                                                  APIs
                                                  • CoInitialize.OLE32(00000000), ref: 00451CBB
                                                  • CoCreateInstance.OLE32(0047D360,00000000,00000001,0047D170,?), ref: 00451CDF
                                                  • VariantInit.OLEAUT32(?), ref: 00451CF8
                                                  • VariantInit.OLEAUT32(?), ref: 00451D24
                                                  • VariantInit.OLEAUT32(?), ref: 00451D4B
                                                  • VariantInit.OLEAUT32(?), ref: 00451D72
                                                  • VariantClear.OLEAUT32(?), ref: 00451E17
                                                  • VariantClear.OLEAUT32(?), ref: 00451E1E
                                                  • VariantClear.OLEAUT32(?), ref: 00451E25
                                                  • VariantClear.OLEAUT32 ref: 00451E37
                                                  • SysAllocString.OLEAUT32(0047EF4C), ref: 00451E69
                                                  • SysFreeString.OLEAUT32(00000000), ref: 00451EA8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Variant$ClearInit$String$AllocCreateFreeInitializeInstance
                                                  • String ID:
                                                  • API String ID: 162617764-0
                                                  • Opcode ID: 60d459dc24a125815d5dafe60fd6d4b8e488a7a08734036bff8a68fe5d906ce4
                                                  • Instruction ID: 4a3acebe906db87488b43d3aef87afcda0e18f97818647458927d115f12b3f92
                                                  • Opcode Fuzzy Hash: 60d459dc24a125815d5dafe60fd6d4b8e488a7a08734036bff8a68fe5d906ce4
                                                  • Instruction Fuzzy Hash: 08712875A183509FC310CF68C844A5ABBE8FF89B20F158A5EF99897360D775E804CF92
                                                  APIs
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042FE87
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,675A81B8,?,?), ref: 00426E01
                                                    • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                  • SendMessageW.USER32(?,0000100C,?,00000002), ref: 0042FF25
                                                  • SendMessageW.USER32(?,000083FE,?,?), ref: 0042FF79
                                                  • SendMessageW.USER32(?,0000100C,?,00000002), ref: 0042FFF3
                                                  • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00430097
                                                    • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                  • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 0043015F
                                                    • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                  • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00430211
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                  • String ID: /e,/select,"%s%s"$explorer.exe$open
                                                  • API String ID: 206244367-2061274879
                                                  • Opcode ID: 91b799c5c29bacec4ab38221025e1244b966e820090f97b19e20c9fa35e543cc
                                                  • Instruction ID: 62bdf63df222c89057064cae7919c1e413492940edc838130925d2253cd5f780
                                                  • Opcode Fuzzy Hash: 91b799c5c29bacec4ab38221025e1244b966e820090f97b19e20c9fa35e543cc
                                                  • Instruction Fuzzy Hash: 80C1E5312043008BC710EF24D995B9BB7E5BF88704F500A7EF9499B296DB74ED49CB9A
                                                  APIs
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040FD1F
                                                  • GetObjectW.GDI32(?,0000005C,?), ref: 0040FD37
                                                  • GetClientRect.USER32(?,?), ref: 0040FD46
                                                  • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040FDC3
                                                  • GetCursorPos.USER32(?), ref: 0040FE29
                                                  • ScreenToClient.USER32(?,?), ref: 0040FE38
                                                  • SendMessageW.USER32(?,0000120F,?,00000000), ref: 0040FE6C
                                                  • SendMessageW.USER32(?,0000120B,00000000,?), ref: 0040FE82
                                                  • RectVisible.GDI32(?,?), ref: 0040FEAC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend$ClientRect$CursorObjectScreenVisible
                                                  • String ID: d
                                                  • API String ID: 883400287-2564639436
                                                  • Opcode ID: e58942ff4a5daa3b07d53de4812bd48be39c791cdb0435b4f276cefe3218f9a6
                                                  • Instruction ID: e57791d17a927b35fa3e7b028ca1617c0da729b9688da5cd3a54cba97037c013
                                                  • Opcode Fuzzy Hash: e58942ff4a5daa3b07d53de4812bd48be39c791cdb0435b4f276cefe3218f9a6
                                                  • Instruction Fuzzy Hash: CB8119B11083819FD325DF65C984F9BB7E8FF88704F004A2DF58997291EB74A944CB96
                                                  APIs
                                                  • GetClientRect.USER32(?,?), ref: 0042DA84
                                                  • CreateCompatibleDC.GDI32(?), ref: 0042DAAE
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0042DAD4
                                                  • SelectObject.GDI32(?,?), ref: 0042DAF2
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0042DB00
                                                  • FillRect.USER32(?,?,?), ref: 0042DB38
                                                  • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0042DBBE
                                                  Strings
                                                  • DiskDefrag\Setting Option\Gereral\DefragColor, xrefs: 0042DA43
                                                  • ColorIndex, xrefs: 0042DA3E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CompatibleCreateRect$BitmapClientFillMessageObjectSelectSend
                                                  • String ID: ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                  • API String ID: 24576784-1631410767
                                                  • Opcode ID: 413f7938cfa32640085c5d27a34cebb069bf0ab9b2ff2f1bc307b4aa97a93b27
                                                  • Instruction ID: 821a5ab27c6a8f9e6b02cc0ac72b1b3995420b0d805852c9f35119affff3cd9f
                                                  • Opcode Fuzzy Hash: 413f7938cfa32640085c5d27a34cebb069bf0ab9b2ff2f1bc307b4aa97a93b27
                                                  • Instruction Fuzzy Hash: F2617EB1608340AFC304DF68D884E5BB7E8FF88714F408A2EF59997291DB74E944CB96
                                                  APIs
                                                  • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00456B14
                                                    • Part of subcall function 00454290: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00454306
                                                  • CloseHandle.KERNEL32(00000000,00000000), ref: 00456B57
                                                  • CloseHandle.KERNEL32 ref: 00456B7E
                                                  • CloseHandle.KERNEL32 ref: 00456BA5
                                                  • CloseHandle.KERNEL32(?,?,?,00000000,00000000), ref: 00456BD6
                                                  • CloseHandle.KERNEL32(?,?,?,00000001,00000000), ref: 00456C07
                                                  • CloseHandle.KERNEL32(?,?,?,00000001,00000001), ref: 00456C38
                                                  • CloseHandle.KERNEL32(00000000), ref: 00456C5F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle$CreateFileUnothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: \\.\C:
                                                  • API String ID: 1066634676-259948872
                                                  • Opcode ID: 39a1f70db7202d3b1c3ce52b526e9e0b0aae69084ae2661cf5f3dced9512c8e9
                                                  • Instruction ID: 9c2aacaccead671dbc3a96f70d0e1eab3c71fbf61e1a23b3dd7d7caf89dd1f7c
                                                  • Opcode Fuzzy Hash: 39a1f70db7202d3b1c3ce52b526e9e0b0aae69084ae2661cf5f3dced9512c8e9
                                                  • Instruction Fuzzy Hash: C75109377043006BD214AF69AC86BAEB394EF9C725F80013FF509D3282DA255548C7AB
                                                  APIs
                                                  • LoadMenuW.USER32(00000000), ref: 004228FF
                                                  • GetSubMenu.USER32(00000004,00000000), ref: 0042292A
                                                  • GetCursorPos.USER32(675A81B8), ref: 00422945
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Menu$CursorLoad
                                                  • String ID: 3401032$3401033$3401086$3401087$3401088$[SSD]
                                                  • API String ID: 3043871728-3947735280
                                                  • Opcode ID: f940a40794934a51ee4772cd30885b94db5c25453e11a9b3154fe19872a85203
                                                  • Instruction ID: c9e3dbd840687df198e490246c1b34f6b1a62d60348da21d10426e52b8988a23
                                                  • Opcode Fuzzy Hash: f940a40794934a51ee4772cd30885b94db5c25453e11a9b3154fe19872a85203
                                                  • Instruction Fuzzy Hash: 1B4196F17543006AD764EB64DC42F9F72A8AF84B10F20C91FB65EA26C0CEBC640547AD
                                                  APIs
                                                  • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0042EAE3
                                                  • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0042EAF7
                                                  • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 0042EB36
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402007$3402033$3402037$3402038$3402039$3402040
                                                  • API String ID: 3850602802-3173017236
                                                  • Opcode ID: 6cbccfbbc1fd63c8a78153f1b809b30710d94fdfea326ecc7c254d81bae311d8
                                                  • Instruction ID: f302c9e8cacf912969436f53e573b816ab0f893bb8e7c3a9347613e7e3a9d812
                                                  • Opcode Fuzzy Hash: 6cbccfbbc1fd63c8a78153f1b809b30710d94fdfea326ecc7c254d81bae311d8
                                                  • Instruction Fuzzy Hash: 0021D7F0BE074035E6B5BA614D43FEE21295F84F49F20880BB75E7A9C2CADC3941629D
                                                  APIs
                                                  • SysFreeString.OLEAUT32(00000000), ref: 0045382E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: FreeString
                                                  • String ID:
                                                  • API String ID: 3341692771-0
                                                  • Opcode ID: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                  • Instruction ID: be2023aef89e17b54fd3cfd96c880170c5f98da2cba37ae09b4ebda1ed5f38f7
                                                  • Opcode Fuzzy Hash: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                  • Instruction Fuzzy Hash: 79C1F4B56083448FC310DF69C884A5BFBE9BFC9714F148A5EE9888B361C775E905CB92
                                                  APIs
                                                  • SendMessageW.USER32 ref: 0040F806
                                                  • SendMessageW.USER32(?,00001215,00000000,00000000), ref: 0040F82F
                                                  • CopyRect.USER32(?,?), ref: 0040F845
                                                  • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040F876
                                                  • GetClientRect.USER32(?,?), ref: 0040F88B
                                                    • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F0C
                                                    • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F1E
                                                  • SendMessageW.USER32(?,00001209,00000000,00000000), ref: 0040F9EE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageRectSend$Copy$Client
                                                  • String ID: $6
                                                  • API String ID: 201260696-4183747533
                                                  • Opcode ID: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                  • Instruction ID: 8b216fbeb9dde18344444fa578b156f2309188772abd6b45e307a88af5c25f20
                                                  • Opcode Fuzzy Hash: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                  • Instruction Fuzzy Hash: C4E141B15083429FD320DF25C580A9BFBE9FF88704F004A2EF49997381D778A949CB96
                                                  APIs
                                                  • type_info::operator==.LIBVCRUNTIME ref: 005045EA
                                                  • ___TypeMatch.LIBVCRUNTIME ref: 005046F8
                                                  • CatchIt.LIBVCRUNTIME ref: 00504749
                                                  • _UnwindNestedFrames.LIBCMT ref: 0050484A
                                                  • CallUnexpected.LIBVCRUNTIME ref: 00504865
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 4119006552-393685449
                                                  • Opcode ID: 572779a4cda57f4ebac76820afd998f5d068b1f0c8c5320e3f4a8170288887dc
                                                  • Instruction ID: 5dd21464bb712edaca5d39657731a3d44e727a7ea374a4dbe15693b69206165e
                                                  • Opcode Fuzzy Hash: 572779a4cda57f4ebac76820afd998f5d068b1f0c8c5320e3f4a8170288887dc
                                                  • Instruction Fuzzy Hash: 18B1ADB180020AEFCF14DFA4C8859AEBFB5FF45310F14855AEA156B292D331DA61CF91
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CopyRect
                                                  • String ID: Bottom$Left$Margin$Right$Top$`=$=
                                                  • API String ID: 1989077687-1885521073
                                                  • Opcode ID: e266b93fc17dab845a5d8460d54d26b403d0d269895f540772a95358242b67c3
                                                  • Instruction ID: 7cbf7df4fec77659c91c3afac7ac99305081f53a3d300e0ff47080e44fb4b669
                                                  • Opcode Fuzzy Hash: e266b93fc17dab845a5d8460d54d26b403d0d269895f540772a95358242b67c3
                                                  • Instruction Fuzzy Hash: 0EB166766043419FC310DF28C881B5BB7E8FB98704F148A2EF58A97391DB75E944CB9A
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,675A81B8,?,?), ref: 00426E01
                                                  • SendMessageW.USER32(?,0000102F,00000000,00000000), ref: 004187CD
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004187EF
                                                  • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0041899B
                                                  • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 004189AF
                                                  • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004189C5
                                                  • SendMessageW.USER32(?,00001015,00000000,?), ref: 004189DB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CriticalEnterSection
                                                  • String ID: %.2f%%$%I64u
                                                  • API String ID: 2245208738-2288124401
                                                  • Opcode ID: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                  • Instruction ID: e1e33ad56b98f5e84924c458d64c7c6c02eb77d82da0e984fc61a5a5d3d1ca0d
                                                  • Opcode Fuzzy Hash: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                  • Instruction Fuzzy Hash: 9EA16E71304201AFD368EB24CD85FAFB7B9AF88704F40491EF64697291DBB4AC45CB5A
                                                  APIs
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00418B07
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,675A81B8,?,?), ref: 00426E01
                                                    • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                  • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00418BA8
                                                  • SendMessageW.USER32(?,000083FE,?,?), ref: 00418BF6
                                                    • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                  • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 00418C9F
                                                    • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                  • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00418D51
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                  • String ID: /e,/select,"%s%s"$explorer.exe$open
                                                  • API String ID: 206244367-2061274879
                                                  • Opcode ID: f877a975dfb8fd7e3335437b9cdf50eff5a36e5d2e8446bffb34177b6d077c25
                                                  • Instruction ID: 9e016845d88e4024dd1218f79a327356caeee79904b42a6c0a28c628b7da3379
                                                  • Opcode Fuzzy Hash: f877a975dfb8fd7e3335437b9cdf50eff5a36e5d2e8446bffb34177b6d077c25
                                                  • Instruction Fuzzy Hash: 2691E0712047009BD710EF24DD85FDAB7E5BF98704F00092EF945AB286DB78E945CBAA
                                                  APIs
                                                  • SendMessageW.USER32(?,0000133D,00000000,00000001), ref: 0042CE5B
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105,?,675A81B8,?,?,?,?,?,?,?,?,?,004217B6), ref: 0042CEBD
                                                  • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042CEF4
                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042CF49
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$RedrawWindow
                                                  • String ID: %s (%c:)$%s (%s)$3401034$3401126
                                                  • API String ID: 648961319-3732436656
                                                  • Opcode ID: e1afdf9b5f9a6a0a3f1bdb0e24b03c0913b1775ab901b2b3f138c93be5904649
                                                  • Instruction ID: fd74af85edc4f78d52bbe53b36b76dc0b3b7e67d0ab5ffb778a9a62391dde0ea
                                                  • Opcode Fuzzy Hash: e1afdf9b5f9a6a0a3f1bdb0e24b03c0913b1775ab901b2b3f138c93be5904649
                                                  • Instruction Fuzzy Hash: 0E718D716043409FD324DF64DD85FABBBF4EF88700F10492EFA5A96290DBB4A944CB5A
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                  • GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                  • QueryPerformanceFrequency.KERNEL32(00497F28), ref: 00419C49
                                                  • QueryPerformanceCounter.KERNEL32(00497F30), ref: 00419C54
                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00419C70
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00419C9C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: PerformanceQuery$Counter$AddressFrequencyHandleModuleProcUnothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: NtQuerySystemInformation$ntdll
                                                  • API String ID: 3025674679-3593917365
                                                  • Opcode ID: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                  • Instruction ID: d06557f50192d5db3270ba6b6212bac26de826900838c4c68c4281c4e513f8d9
                                                  • Opcode Fuzzy Hash: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                  • Instruction Fuzzy Hash: AF518F71B1C301ABD7149F11FD55AAA37E4FB98780F108C3EE585A2268FB3499418BDD
                                                  APIs
                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042CAB6
                                                  • IsWindowVisible.USER32(?), ref: 0042CAE7
                                                  • GetParent.USER32(?), ref: 0042CB0D
                                                  • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB22
                                                  • IsWindowVisible.USER32(?), ref: 0042CB35
                                                  • GetParent.USER32(?), ref: 0042CB43
                                                  • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB58
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$NotifyParentVisibleWindow
                                                  • String ID: `=
                                                  • API String ID: 2910063261-2762138152
                                                  • Opcode ID: a16c229816da6b7cf5f0a28e1e2d3aecd927b3af40c0253dbdebf6034a51f9bf
                                                  • Instruction ID: cbd818397c052fadd252f380dd8efe1df66f27c17fa2dba641e1c387511c7e9b
                                                  • Opcode Fuzzy Hash: a16c229816da6b7cf5f0a28e1e2d3aecd927b3af40c0253dbdebf6034a51f9bf
                                                  • Instruction Fuzzy Hash: B0511030764700ABE224EF31DDD6FEA7394BB50B04F90842EB25F9A1D19FA47944CB99
                                                  APIs
                                                  • GetWindowRect.USER32(?,675A81B8), ref: 00421BFF
                                                  • GetCursorPos.USER32(?), ref: 00421C0A
                                                  • LoadMenuW.USER32(00000000), ref: 00421C48
                                                  • GetSubMenu.USER32(?,00000001), ref: 00421C73
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Menu$CursorLoadRectWindow
                                                  • String ID: 3401014$3401015$3401098$3401131
                                                  • API String ID: 539701409-459607355
                                                  • Opcode ID: f201b73e3f44a350be9c0be91d5a56932565eb1e6c8c0a690cc3ab9f05582354
                                                  • Instruction ID: aabc8bb0dc6c93bda9c7aa98bf8ca1edfc519584f33f3993db52bfb4b78a6ed8
                                                  • Opcode Fuzzy Hash: f201b73e3f44a350be9c0be91d5a56932565eb1e6c8c0a690cc3ab9f05582354
                                                  • Instruction Fuzzy Hash: 6A41B6B17543406AD324AB65DC42FAF73A8AF84B14F108A1FB65EA26C0CE7CA405879D
                                                  APIs
                                                  • SendMessageW.USER32(?,00000172,00000000,?), ref: 004027B1
                                                  • SendMessageW.USER32(?,00000172,00000000,?), ref: 00402863
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402041$3402042$DiskDefrag$Images$close$open
                                                  • API String ID: 3850602802-3786962624
                                                  • Opcode ID: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                  • Instruction ID: 8150cbd10707325bb4a07bc8764e9056bc1ba0aa629cfab9f1adae748ae802a6
                                                  • Opcode Fuzzy Hash: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                  • Instruction Fuzzy Hash: F8319EB579020027D61576254EA6FBE21661FC4B48F25C22FB30E7B3C2DEED9C41429E
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ActiveMessageWindow
                                                  • String ID: 3400001$3400101$3401090$rY
                                                  • API String ID: 3610105657-3605576623
                                                  • Opcode ID: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                  • Instruction ID: 7aa1b3021184ad304fb6d47c852e9f0d985907e1382866191d812cb31a89d144
                                                  • Opcode Fuzzy Hash: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                  • Instruction Fuzzy Hash: 872179F0A50301BBD7106BB49C4AB9A31A8AF54701F50C82BB50EE1550D7BCA8449B6D
                                                  APIs
                                                  • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00416BBB
                                                  • GetCursorPos.USER32(?), ref: 00416BCF
                                                  • ScreenToClient.USER32(?,?), ref: 00416BDE
                                                  • SendMessageW.USER32(?,00000198,00000000,?), ref: 00416BFF
                                                  • PtInRect.USER32(?,?,?), ref: 00416C10
                                                  • SendMessageW.USER32(?,00000198,?,?), ref: 00416C74
                                                  • InvalidateRect.USER32(?,?,00000001), ref: 00416C87
                                                  • PtInRect.USER32(?,?,?), ref: 00416C98
                                                  • InvalidateRect.USER32(?), ref: 00416CC7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Rect$MessageSend$Invalidate$ClientCursorScreen
                                                  • String ID:
                                                  • API String ID: 2454936240-0
                                                  • Opcode ID: 41846961993d4e238d2a253bad1eeefc775d047419a5e1f45b38c98fcc342d77
                                                  • Instruction ID: e3b87b86549111153a689a6de42a5e443b1792048b086b4c3e38e8d95830a062
                                                  • Opcode Fuzzy Hash: 41846961993d4e238d2a253bad1eeefc775d047419a5e1f45b38c98fcc342d77
                                                  • Instruction Fuzzy Hash: B3413BB1208301AFC310DF65D884EABB7E9FBC8710F004A2EF59987250E775E945CBA6
                                                  APIs
                                                  • CopyRect.USER32(?,?), ref: 004318DA
                                                  • FrameRect.USER32(?,?,00000000), ref: 004319AA
                                                  • CreateCompatibleDC.GDI32(?), ref: 00431B90
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431BCE
                                                  • SelectObject.GDI32(?,?), ref: 00431BEF
                                                  • AlphaBlend.MSIMG32(?,?,?,?,00000003,?,00000000,00000000,?,00000003,00000000,00000000,00000000,?,?,00F0F0F0), ref: 00431C5D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CompatibleCreateRect$AlphaBitmapBlendCopyFrameObjectSelect
                                                  • String ID: Z
                                                  • API String ID: 54210234-1505515367
                                                  • Opcode ID: 5f029b77f6b4eb3bbc3495fe3d68357bdf896ac53e414383373f8e8c30d0e72a
                                                  • Instruction ID: 0792d4e533d00b1b26a73fc7749f663e28f4755597dc11c0d4e9561af80c2fe6
                                                  • Opcode Fuzzy Hash: 5f029b77f6b4eb3bbc3495fe3d68357bdf896ac53e414383373f8e8c30d0e72a
                                                  • Instruction Fuzzy Hash: 3DC112716083418FC724DF69C984A5BBBE5AFC8704F108A2EF58987391DB74E909CB96
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 3401059$3401060$3401061$3401062$<a>%s</a>
                                                  • API String ID: 0-135031447
                                                  • Opcode ID: 1d18fe7b7d33c6ca33f908e1a40e0b7338c7c8696b9367286f1202db6d62bc10
                                                  • Instruction ID: 570f8eb3785bc855bef0c474daa2501289258084391a13b0a6423d05570a55ca
                                                  • Opcode Fuzzy Hash: 1d18fe7b7d33c6ca33f908e1a40e0b7338c7c8696b9367286f1202db6d62bc10
                                                  • Instruction Fuzzy Hash: 3D81D7717543005BC714EF218C42BDA33A4AF88714F14853FBA0D6B2C6DBB9E985879E
                                                  APIs
                                                    • Part of subcall function 004012D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00497DC0), ref: 00401305
                                                    • Part of subcall function 004012D0: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,?,?,?,00497DC0), ref: 00401316
                                                    • Part of subcall function 004650D0: GetDC.USER32(00000000), ref: 004650D8
                                                    • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                    • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                    • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                    • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                    • Part of subcall function 004650D0: ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                  • GetSysColor.USER32(0000000F), ref: 00465580
                                                  • SetRect.USER32 ref: 004655DE
                                                  • SetRect.USER32(?,00000005,00000000,00000005,00000000), ref: 004655ED
                                                  • CreateFontW.GDI32(0000000E,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,Arial), ref: 00465611
                                                  • GdiplusStartup.GDIPLUS(?,?,?,00000000,?,?,?,?,?,?,00000005,00000000,00000005,00000000,?,00000000), ref: 00465655
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CapsDevice$CriticalRectSection$ColorCreateEnterFontGdiplusLeaveReleaseStartup
                                                  • String ID: 8<$Arial
                                                  • API String ID: 3457378621-1936108657
                                                  • Opcode ID: c725433711461103541e39f55c0d0007124140c46e9c9449edb99a4a007da462
                                                  • Instruction ID: b865aa364f9357de02ae4fe0840df8cdec7f8c78b7ca9b09445c5b8d1f81986b
                                                  • Opcode Fuzzy Hash: c725433711461103541e39f55c0d0007124140c46e9c9449edb99a4a007da462
                                                  • Instruction Fuzzy Hash: ED8121B09057889EDB70DF2ACC44BCABBE8BF94714F00011FF8489A2A1DBB55604CF99
                                                  APIs
                                                    • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 00429964
                                                    • Part of subcall function 004298F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0042998F
                                                    • Part of subcall function 004298F0: TranslateMessage.USER32(?), ref: 0042999A
                                                    • Part of subcall function 004298F0: DispatchMessageW.USER32(?), ref: 004299A1
                                                    • Part of subcall function 004298F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004299B0
                                                    • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 004299C9
                                                  • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00424612
                                                    • Part of subcall function 00424C20: SendMessageW.USER32(?,000010A9,?,00000000), ref: 00424C61
                                                    • Part of subcall function 00424C20: SetForegroundWindow.USER32(?), ref: 00424C6D
                                                  • PostMessageW.USER32(?,00000111,00000001,00000000), ref: 0042452F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Message$MultipleObjectsPeekSendWait$DispatchForegroundPostTranslateWindow
                                                  • String ID: "RightMenuDisk"$"RightMenuFile"$-AutoDefragmention$-BootTimeDefrag$ScheduleStart
                                                  • API String ID: 784092869-278688185
                                                  • Opcode ID: ee24571ea037fb3441c670c01d318203056eea9a33b6edfe6f81c85abbded570
                                                  • Instruction ID: c97898347ab5420be132615685895ca4f66fbeb7c47801a8b84119e28bf46611
                                                  • Opcode Fuzzy Hash: ee24571ea037fb3441c670c01d318203056eea9a33b6edfe6f81c85abbded570
                                                  • Instruction Fuzzy Hash: E251C431304310AFC300EF15EDC5A6BB7E4EBD8755F84092EF54A92291DBB89988CB5A
                                                  APIs
                                                  • GetParent.USER32(?), ref: 00465A5F
                                                  • GetWindowRect.USER32(?,?), ref: 00465A78
                                                  • GetClientRect.USER32(?,?), ref: 00465B27
                                                  • GetDC.USER32(?), ref: 00465B49
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00465B61
                                                  • ReleaseDC.USER32(?,?), ref: 00465BA5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Rect$ClientMessageParentReleaseSendWindow
                                                  • String ID: Button_Check
                                                  • API String ID: 330964712-1860365581
                                                  • Opcode ID: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                  • Instruction ID: b1a5f572caf67006923a9ef52c219ce68de25ddbd2c2a7f7615237fc757273c6
                                                  • Opcode Fuzzy Hash: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                  • Instruction Fuzzy Hash: D0510371600B019FD324DF79C889BA7B3E9BF88704F008A1DE5AA97281DB74B854CF59
                                                  APIs
                                                  • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 004557C8
                                                  • GetDiskFreeSpaceW.KERNEL32 ref: 00455855
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: DiskFreeInformationSpaceVolume
                                                  • String ID: C:\$FAT$FAT16$FAT32$NTFS
                                                  • API String ID: 3270478670-3579686192
                                                  • Opcode ID: f0af46782a5a30f8442838258ae9688fef8f3122b442d05ec30af96031f478ec
                                                  • Instruction ID: 9d95486116a49aac5a83eb76fc3575ce500acb11c4e489ecfb74c34df7f4e439
                                                  • Opcode Fuzzy Hash: f0af46782a5a30f8442838258ae9688fef8f3122b442d05ec30af96031f478ec
                                                  • Instruction Fuzzy Hash: 65316071A183015BD714EF24DC52B7B7BE4AF88705F44492EF949D6290E638D508CB9B
                                                  APIs
                                                  • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0042F900
                                                  • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0042F916
                                                  • SendMessageW.USER32(?,00001001,00000000,?), ref: 0042FA08
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3401074$3401075$3401076$3401077
                                                  • API String ID: 3850602802-1879149864
                                                  • Opcode ID: c4bce1112986585be18b77c07089e63f6cda37178a12ed3d6a88cb22f3d1e080
                                                  • Instruction ID: b1405050125067dfa2b98fefbbf4893992a49d55c405f1a2d248d2381da72ad7
                                                  • Opcode Fuzzy Hash: c4bce1112986585be18b77c07089e63f6cda37178a12ed3d6a88cb22f3d1e080
                                                  • Instruction Fuzzy Hash: 0D3168F07903007BE674EB258D83FEA72A59B44B54F20892FB71E762D1CAF87844965C
                                                  APIs
                                                  • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 00454A46
                                                  • CreateFileW.KERNEL32(?,80000000,00000003,00000000), ref: 00454ABC
                                                  • DeviceIoControl.KERNEL32(00000000,00090064,00000000,00000000,00000340,00000060,00000003,00000000), ref: 00454AE8
                                                  • CloseHandle.KERNEL32(00000000), ref: 00454AFA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CloseControlCreateDeviceFileHandleInformationVolume
                                                  • String ID: C:\$NTFS$\\.\C:
                                                  • API String ID: 1233574911-974996950
                                                  • Opcode ID: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                  • Instruction ID: 7a7ffa21548745985fbbbea45252e330d1802da0f0ea7318edadfa9cc625902c
                                                  • Opcode Fuzzy Hash: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                  • Instruction Fuzzy Hash: DE311D71608300AFE320CF64D885B6BB7F8AF88714F400A2DF549D7291E7B5E584CB5A
                                                  APIs
                                                  • SendMessageW.USER32(?,0000102F,?,00000000), ref: 0042D3DB
                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D3F8
                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D411
                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D433
                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D46C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: Selected$`=
                                                  • API String ID: 3850602802-3404155819
                                                  • Opcode ID: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                  • Instruction ID: 47af735872212f4aff9019aaa9f39296bd56d2d945b6e3696df55891068cb05b
                                                  • Opcode Fuzzy Hash: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                  • Instruction Fuzzy Hash: 4521D8757407117BE230EB79ED82F9BA3A4AB48B55F504A1AF705A72C1CAB4F801879C
                                                  APIs
                                                  • SendMessageW.USER32(00000000,0000000B,00000000,00000000), ref: 00420AB8
                                                  • SendMessageW.USER32(?,0000101D,00000005,00000000), ref: 00420ACA
                                                  • SendMessageW.USER32(?,00001207,00000006,?), ref: 00420AE9
                                                  • GetClientRect.USER32(?,?), ref: 00420AFB
                                                  • SendMessageW.USER32(?,0000101E,00000005), ref: 00420B28
                                                  • SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 00420B37
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend$ClientRect
                                                  • String ID: Button_Check
                                                  • API String ID: 1925248871-1860365581
                                                  • Opcode ID: 2dbc91605b07778e48ee4b1ccc5bb52471f65858b054350958406698a8df70d5
                                                  • Instruction ID: f6960d58b42149bb48d8704757dd9bea0314272504ba79e98d6d7c5fe9983159
                                                  • Opcode Fuzzy Hash: 2dbc91605b07778e48ee4b1ccc5bb52471f65858b054350958406698a8df70d5
                                                  • Instruction Fuzzy Hash: EC115E717403057BE235EA79CC86FA773E9AB88B40F41491CF285EB1C1DAB9F9448B54
                                                  APIs
                                                  • SysFreeString.OLEAUT32(00000000), ref: 00453297
                                                  • SysAllocString.OLEAUT32(?), ref: 00453332
                                                  • VariantInit.OLEAUT32(?), ref: 004533BF
                                                  • VariantInit.OLEAUT32(?), ref: 004533E6
                                                  • SysFreeString.OLEAUT32(?), ref: 004534A6
                                                  • VariantClear.OLEAUT32(?), ref: 004534B7
                                                  • VariantClear.OLEAUT32(?), ref: 004534BE
                                                  • VariantClear.OLEAUT32(?), ref: 004534C5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Variant$ClearString$FreeInit$Alloc
                                                  • String ID:
                                                  • API String ID: 1906771560-0
                                                  • Opcode ID: e733c2cee5cbb5377ac2072c21b29c4e9d8b7a1ab7a7561ec9f277c12a0121fb
                                                  • Instruction ID: 04dbbea40edafa167825a5640816ee55d2e105094fff44b6784cacd96e044d36
                                                  • Opcode Fuzzy Hash: e733c2cee5cbb5377ac2072c21b29c4e9d8b7a1ab7a7561ec9f277c12a0121fb
                                                  • Instruction Fuzzy Hash: 47B136716083409FC310DF69C884A1BFBE9BFC9714F24895EE99887362D774E949CB92
                                                  APIs
                                                  • IsWindow.USER32(?), ref: 004181B6
                                                  • GetWindowRect.USER32(?,00000006), ref: 00418204
                                                  • GetWindowRect.USER32(?,000003FD), ref: 0041827F
                                                  • GetWindowRect.USER32(?,000003FD), ref: 004182FA
                                                  • GetClientRect.USER32(?,?), ref: 0041833E
                                                  • GetWindowRect.USER32(?,?), ref: 00418350
                                                  • SendMessageW.USER32(?,0000101E,00000003,0000FFFE), ref: 004183AA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: RectWindow$ClientMessageSend
                                                  • String ID:
                                                  • API String ID: 1071774122-0
                                                  • Opcode ID: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                  • Instruction ID: 3d1e85c786be0547c74fbf31f73b40b43d39c9eef0f0cab4dee81a64cc519da0
                                                  • Opcode Fuzzy Hash: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                  • Instruction Fuzzy Hash: 9951B2713407026BD215EB60CD9AF6F73AAEBC4B04F04491CF6459B2D0EEB4E901879A
                                                  APIs
                                                  • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042EF55
                                                  • SendMessageW.USER32(?,00001004,-00000001,-00000001), ref: 0042EF6C
                                                  • SendMessageW.USER32(?,00001004,-00000001,-00000001), ref: 0042EF88
                                                  • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 0042EFF2
                                                  • SendMessageW.USER32(?,00001008,?,00000000), ref: 0042F0A9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: `=
                                                  • API String ID: 3850602802-2762138152
                                                  • Opcode ID: 8d7d0f90405c0db02407356b524343ea1688046f3f407ec86f19511bc27f9993
                                                  • Instruction ID: 4a8da6b0a3b4820785d32a6e99519bf5ba1baf34d33d3eec9a517c422a0835b5
                                                  • Opcode Fuzzy Hash: 8d7d0f90405c0db02407356b524343ea1688046f3f407ec86f19511bc27f9993
                                                  • Instruction Fuzzy Hash: 9C51E2716083109BD720DF25E981B5BB7F4FB88710F800A7EF94997392D775E8058B9A
                                                  APIs
                                                  • SHBrowseForFolderW.SHELL32 ref: 0042EDC0
                                                  • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 0042EDEF
                                                  • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0042EE38
                                                  • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0042EE65
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042EEC4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Path$LongName$BrowseFolderFromListMessageSend
                                                  • String ID: 3402075
                                                  • API String ID: 3410855119-2194680865
                                                  • Opcode ID: e6d7c4e539e09ccdccd185b6b38999d2c4effd13c27e3da9bd57aaf8eb70b9d9
                                                  • Instruction ID: 60252550f2a576e17c879c635a3a802f8da064449550e8d1e332f21db53478d5
                                                  • Opcode Fuzzy Hash: e6d7c4e539e09ccdccd185b6b38999d2c4effd13c27e3da9bd57aaf8eb70b9d9
                                                  • Instruction Fuzzy Hash: 3F416471508301AFD310DF65DDC8EABBBE8FB58351F40092EF55A921E0D7749849CB5A
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: ActiveMessageWindow
                                                  • String ID: 3400001$3400101$3401090$rY
                                                  • API String ID: 3610105657-3605576623
                                                  • Opcode ID: 9be5c9983a3a9708faa268995b4b90c9b7baec8167950ea82a948411bb73ca8a
                                                  • Instruction ID: 6a8541e3f689305ec2f6cb5d2be3b4f28d8c1de2ea2bbd417e2b40b4f34285ca
                                                  • Opcode Fuzzy Hash: 9be5c9983a3a9708faa268995b4b90c9b7baec8167950ea82a948411bb73ca8a
                                                  • Instruction Fuzzy Hash: B44193B1704210ABD710EB65EC45BAB73A8AF94704F40892FF90ED2290DB78ED45C76D
                                                  APIs
                                                  • _ValidateLocalCookies.LIBCMT ref: 00503601
                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00503609
                                                  • _ValidateLocalCookies.LIBCMT ref: 00503692
                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 005036BD
                                                  • _ValidateLocalCookies.LIBCMT ref: 00503712
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 1170836740-1018135373
                                                  • Opcode ID: 80e18b6aafd1d9acec2835737ad136747c20234a7744efa4a1d943050bc4d395
                                                  • Instruction ID: 8c319b8de6cf368726d111083056fe9cedfc1dc51f9fc976aac1017ab9f9d3cb
                                                  • Opcode Fuzzy Hash: 80e18b6aafd1d9acec2835737ad136747c20234a7744efa4a1d943050bc4d395
                                                  • Instruction Fuzzy Hash: E1417234A00205AFCF10DF69C845A9EBFA9FF85314F1481A6E8196B3D2D7329B15CB91
                                                  APIs
                                                  • GetClientRect.USER32(?,?), ref: 004674EB
                                                  • GetParent.USER32(?), ref: 004674FB
                                                  • GetWindowRect.USER32(?,?), ref: 0046751B
                                                  • GetParent.USER32(?), ref: 0046752A
                                                  • CreateCompatibleDC.GDI32(?), ref: 00467561
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0046758A
                                                  • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 004675DC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CompatibleCreateParentRect$BitmapClientWindow
                                                  • String ID:
                                                  • API String ID: 1335343179-0
                                                  • Opcode ID: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                  • Instruction ID: ec974f87df7e9fb3a3618fae45b6badb24d167debaf80877d84b9ed91747ca3a
                                                  • Opcode Fuzzy Hash: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                  • Instruction Fuzzy Hash: 7D411AB1508740AFC315DF68C985E5BBBE8FBD8714F008A1EF59A93290DB74E844CB66
                                                  APIs
                                                  • GetSubMenu.USER32(00000010,00000002), ref: 0042352E
                                                  • GetCursorPos.USER32(675A81B8), ref: 00423545
                                                  • SetForegroundWindow.USER32(?), ref: 0042354F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CursorForegroundMenuWindow
                                                  • String ID: 3401016
                                                  • API String ID: 390680170-1597404659
                                                  • Opcode ID: faab93a9ecdda988e109a15ecdd4a0b8bde11ad9370dbf823973790119351b1d
                                                  • Instruction ID: a08165e610b34e817a5423f464ddcc9bce1135992548fc6a69cc7effbf604316
                                                  • Opcode Fuzzy Hash: faab93a9ecdda988e109a15ecdd4a0b8bde11ad9370dbf823973790119351b1d
                                                  • Instruction Fuzzy Hash: 9D31C472304340BBD324DF64D845F6B77A8EB84714F108A2FF50997680DB7DE8448BA9
                                                  APIs
                                                  • _TrackMouseEvent.COMCTL32(00000010), ref: 0042E774
                                                  • PtInRect.USER32(?,?,?), ref: 0042E7A7
                                                  • GetClientRect.USER32(?,?), ref: 0042E7C2
                                                  • PtInRect.USER32(?,?,?), ref: 0042E7FC
                                                  • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E821
                                                  • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E83C
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042E84F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: RectRedrawWindow$ClientEventMouseTrack
                                                  • String ID:
                                                  • API String ID: 4196163336-0
                                                  • Opcode ID: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                  • Instruction ID: c4f66d3cff0941ef47ae988eb42254fc96aed82a1b76600b02dc3c2c7e15cd00
                                                  • Opcode Fuzzy Hash: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                  • Instruction Fuzzy Hash: F03127B15047059FD314DF69D880AABBBE9FB88314F044A2EF59A83350E770E944CFA6
                                                  APIs
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105,675A81B8,75C05540,?,?,00421AA0,675A81B8), ref: 004242B3
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 004242C5
                                                    • Part of subcall function 00425460: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,00000000,?,Button_Check,?,?,00420A23), ref: 004254D9
                                                  • SendMessageW.USER32(?,00000402,?,00000000), ref: 00424398
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: RedrawWindow$MessageSend
                                                  • String ID: %s: %I64u $3401050$3401080
                                                  • API String ID: 730354411-73662114
                                                  • Opcode ID: 34c2affe364ff515f50bf47c1b61d1c427e18055d02fed05966bd6094f2674e3
                                                  • Instruction ID: 8816fc286b8afc534f6afc75fd391673b4d725b22e86aab22ab11b698ddc2395
                                                  • Opcode Fuzzy Hash: 34c2affe364ff515f50bf47c1b61d1c427e18055d02fed05966bd6094f2674e3
                                                  • Instruction Fuzzy Hash: BE3182B1654700ABC310EF25DC42F9B77E8FF84B15F104A1EF59AA21D0DBB8A544CB99
                                                  APIs
                                                  • SetForegroundWindow.USER32(?), ref: 00423369
                                                  • Shell_NotifyIconW.SHELL32(00000001), ref: 00423448
                                                  • GetLastError.KERNEL32 ref: 00423452
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ErrorForegroundIconLastNotifyShell_Window
                                                  • String ID: $>$3401082$3401083
                                                  • API String ID: 4150770455-2005305407
                                                  • Opcode ID: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                  • Instruction ID: 90de86b5fd52155df775e515d11431d32a4523fc17091ff82a2e95fa86d8e88e
                                                  • Opcode Fuzzy Hash: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                  • Instruction Fuzzy Hash: E2317EB1644301ABD310DF64DC4AFABB7E4FF44710F10892EF65EA2290DBB9A544CB99
                                                  APIs
                                                  • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 00432EB2
                                                  • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00432EF5
                                                  • SendMessageW.USER32(?,00001008,-00000002,00000000), ref: 00432F33
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402077$3402078$3402079
                                                  • API String ID: 3850602802-670106401
                                                  • Opcode ID: 1e581721c84f0c249b880909b493c1dbc8988a95a366e13f64cc3adfbf7eb187
                                                  • Instruction ID: c04858277577f06559cf2ee2803e4bbf63125390443237cb6e41332b9df5dc51
                                                  • Opcode Fuzzy Hash: 1e581721c84f0c249b880909b493c1dbc8988a95a366e13f64cc3adfbf7eb187
                                                  • Instruction Fuzzy Hash: 3A2183B56947406BD321DF50CD86FAB73A8EB88B11F10491FF31EA25C0CAA8A804976D
                                                  APIs
                                                  • GetClientRect.USER32(?,?), ref: 00431D46
                                                  • CreateCompatibleDC.GDI32(?), ref: 00431D78
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431D9E
                                                  • SelectObject.GDI32(?,?), ref: 00431DBC
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00431DCA
                                                  • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00431E69
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CompatibleCreate$BitmapClientMessageObjectRectSelectSend
                                                  • String ID:
                                                  • API String ID: 2414545248-0
                                                  • Opcode ID: 8c412c0476ba2fc4ae0c4b603c0ca6f6675f8a42d5d8e24ea628546f2118f678
                                                  • Instruction ID: 8bb2e0385ae3c531c2e170360c03eff7dceb5b5f9b27b4236f5b68df8b256744
                                                  • Opcode Fuzzy Hash: 8c412c0476ba2fc4ae0c4b603c0ca6f6675f8a42d5d8e24ea628546f2118f678
                                                  • Instruction Fuzzy Hash: 22412AB1508340AFC314DF68C985E5BBBE8FBC8714F048A1EF59993291DBB4E904CB66
                                                  APIs
                                                  • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,675A81B8), ref: 0045FBFD
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045FD6C
                                                  • GetLastError.KERNEL32 ref: 00460023
                                                  • CloseHandle.KERNEL32(?), ref: 00460032
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateErrorFileHandleLastUnothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: \\.\C:
                                                  • API String ID: 2002255750-259948872
                                                  • Opcode ID: c925c25cf8bd047c9e5a3396a1d52339d9f8b9f25dbfcc1fd449f57c1f375c63
                                                  • Instruction ID: f68b579a164141f6a35d8a11ab023a6fd55b536e149a63f8f0d67cb16e8cd9f8
                                                  • Opcode Fuzzy Hash: c925c25cf8bd047c9e5a3396a1d52339d9f8b9f25dbfcc1fd449f57c1f375c63
                                                  • Instruction Fuzzy Hash: 53F139B15183419FC324DF25C881AAFB7E4BF89714F104A2EF99983351E778A948CB97
                                                  APIs
                                                  • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 004055AD
                                                  • GetTextExtentPoint32W.GDI32(?,...,00000003,?), ref: 0040561D
                                                  • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 00405675
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExtentPoint32Text
                                                  • String ID: ...$`=
                                                  • API String ID: 223599850-889875407
                                                  • Opcode ID: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                  • Instruction ID: 472bae36e9bbe25dca023677f1d007ac7a5f0ef4219e7f68ecfc9801725c9705
                                                  • Opcode Fuzzy Hash: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                  • Instruction Fuzzy Hash: 31E131755087059FC310DF68C884A5BBBE5FB88304F548A2EF896A33A1D774E885CF96
                                                  APIs
                                                  • SelectObject.GDI32(00000000,00000000), ref: 004042FE
                                                  • GetDIBColorTable.GDI32(00000000,?,00000001,?,?,?,004042D6,?,?,?,?,?,?,?,00000000), ref: 0040431B
                                                  • TransparentBlt.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,004042D6,?,?,?), ref: 00404360
                                                  • SelectObject.GDI32(00000000,?), ref: 004043F4
                                                    • Part of subcall function 00401270: InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                    • Part of subcall function 00401270: CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                  • AlphaBlend.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,?,004042D6,?), ref: 004043AC
                                                  • StretchBlt.GDI32(?,?,?,?,?,00000000,?,?,?,00000000,00CC0020), ref: 004043DE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2021305082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021401117.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021464870.0000000000496000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021486749.0000000000497000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021509821.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021662788.0000000000548000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021681257.000000000054B000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021761404.0000000000556000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021782723.0000000000559000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021801709.000000000055F000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021850080.0000000000562000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021877282.000000000056B000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021939470.0000000000570000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021976657.000000000059D000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2022009115.00000000005A1000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ObjectSelect$AlphaBlendColorCompatibleCreateExchangeInterlockedStretchTableTransparent
                                                  • String ID:
                                                  • API String ID: 1847558199-0
                                                  • Opcode ID: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                  • Instruction ID: 431ece418818d9ed3e284c2d9fdf2eea9b1bc5e51d71579e1970bbd9de33fc15
                                                  • Opcode Fuzzy Hash: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                  • Instruction Fuzzy Hash: 6641C9B1208740AFD214CB6AC884E2BB7E9EBCD718F108B1DF59DA3691D674ED01CB65
                                                  APIs
                                                  • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00424B28
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  • Opcode ID: 0e9a12f4cd1428a8c886e080b16f46ae2ab08dd8028c450c4ed05d7ef20e7a6a
                                                  • Instruction ID: 473d6bda932dfe5e5726b0cd1595cc7b0c8836d5ab7cb817983b5e362455a3d3
                                                  • Opcode Fuzzy Hash: 0e9a12f4cd1428a8c886e080b16f46ae2ab08dd8028c450c4ed05d7ef20e7a6a
                                                  • Instruction Fuzzy Hash: 6A21D87176021077EB60AA94DCC6FD12354AB54B05F44407ABB04BE1C6CFEA6440CB69
                                                  APIs
                                                  • IsWindowVisible.USER32(?), ref: 0041109B
                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110AE
                                                  • IsWindowVisible.USER32(?), ref: 004110CF
                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110E2
                                                  • IsWindowVisible.USER32(?), ref: 0041110B
                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0041111E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSendVisibleWindow
                                                  • String ID:
                                                  • API String ID: 3984873885-0
                                                  • Opcode ID: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                  • Instruction ID: f50cee19580f5a7b4a735ae81b0960ad1265907f2bd47cc1e7f642e33356c098
                                                  • Opcode Fuzzy Hash: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                  • Instruction Fuzzy Hash: AC21A070A40316ABD730DF759C41BAB7698BB88740F050A3EB649DB391EA75EC80879D
                                                  APIs
                                                  • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 00429964
                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0042998F
                                                  • TranslateMessage.USER32(?), ref: 0042999A
                                                  • DispatchMessageW.USER32(?), ref: 004299A1
                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004299B0
                                                  • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 004299C9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
                                                  • String ID:
                                                  • API String ID: 1800058468-0
                                                  • Opcode ID: 422089f6943f840a1857ebeeed2a55ac56a072af819dc62ccc93b1be93c737d0
                                                  • Instruction ID: 4b68c3bfc8aa6a65b644341b41cfaa7d1e4508deb0fbdda8f8db971c9f13aea2
                                                  • Opcode Fuzzy Hash: 422089f6943f840a1857ebeeed2a55ac56a072af819dc62ccc93b1be93c737d0
                                                  • Instruction Fuzzy Hash: D5316BB1604311AFE310CF68DC80F6BB7E5BB88710F504A1DF648DB290E774E9848BA6
                                                  APIs
                                                  • CreateCompatibleDC.GDI32(?), ref: 0040E9D6
                                                  • LPtoDP.GDI32(?,?,00000002), ref: 0040E9EE
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EA08
                                                  • GetMapMode.GDI32(?,?,0047D9F0,00000000), ref: 0040EA2E
                                                  • DPtoLP.GDI32(?,?,00000002), ref: 0040EA45
                                                  • GetBkColor.GDI32(?), ref: 0040EA78
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CompatibleCreate$BitmapColorMode
                                                  • String ID:
                                                  • API String ID: 451781270-0
                                                  • Opcode ID: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                  • Instruction ID: 3bfa88b0da709e4d3224c5894ad5c167e82e64c80dae2195e34fb9d2b55d46f1
                                                  • Opcode Fuzzy Hash: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                  • Instruction Fuzzy Hash: 3931E975200600AFC724DF65D984D5BB7E9FF88700B448A2DA94A8B646DB34E944CFA5
                                                  APIs
                                                  • GetDC.USER32(00000000), ref: 004650D8
                                                  • GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                  • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                  • ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CapsDevice$Release
                                                  • String ID:
                                                  • API String ID: 1035833867-0
                                                  • Opcode ID: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                  • Instruction ID: c3f58fe0059228c05da5b00147ff564d140f859395390daa2f6f08e4d30ee4c4
                                                  • Opcode Fuzzy Hash: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                  • Instruction Fuzzy Hash: 5E21FF74900F00AAE3302F21EC89717BBF4FB85741F918D2EE5C5406A0EB3594688B4A
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,675A81B8,?,?), ref: 00426E01
                                                  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0045619C
                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 004561B2
                                                  • GetTickCount.KERNEL32 ref: 004561D8
                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00456226
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Time$FileSystem$CountCriticalEnterSectionTick
                                                  • String ID: `=
                                                  • API String ID: 220952284-2762138152
                                                  • Opcode ID: 9b821a3dd54ab9ed9db7fcd5dc35dbb8b01fc2355ba314658f3cb738f20e72fe
                                                  • Instruction ID: 934190aa3f0b3ae95b724ee9cdb0041c178ee72d2cde610639a7ed787e377e39
                                                  • Opcode Fuzzy Hash: 9b821a3dd54ab9ed9db7fcd5dc35dbb8b01fc2355ba314658f3cb738f20e72fe
                                                  • Instruction Fuzzy Hash: FDD117B1A04B06EFC314DF65C484A9AFBE4FF48701F904A1EE85993611DB34B958CF9A
                                                  APIs
                                                  • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042571B
                                                  • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00425737
                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?,?,?,?,?,?,?), ref: 00425888
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$InvalidateRect
                                                  • String ID: Button_Check$`=
                                                  • API String ID: 2778011698-3236272720
                                                  • Opcode ID: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                  • Instruction ID: 0eaeb928ae6b5a569979d6d52056a3389dc0ef6ae13505e9256ef6b005c906b2
                                                  • Opcode Fuzzy Hash: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                  • Instruction Fuzzy Hash: 55510432304611DFC724EF68D8C4E9BB7A4EF88320F514A2AE95597391D774FC418BAA
                                                  APIs
                                                  • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 00432C6E
                                                  • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00432CB4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402077$3402078$tFH
                                                  • API String ID: 3850602802-2744557037
                                                  • Opcode ID: 3a14f707ade8a06f74c98b1bb9dd0f0bab00e6a46749f54205f261b932b07e13
                                                  • Instruction ID: 0052325b0c9a5ab111783a0a252863c2f47d3c18ee4d5c8230f443e5887af2fe
                                                  • Opcode Fuzzy Hash: 3a14f707ade8a06f74c98b1bb9dd0f0bab00e6a46749f54205f261b932b07e13
                                                  • Instruction Fuzzy Hash: 415160712083819FD325EF20DE99FDBB7E4AF99704F00491EF18E92191CBB46948CB5A
                                                  APIs
                                                  • OpenThemeData.UXTHEME(?,LISTVIEW,00000001), ref: 00416A0B
                                                  • DrawThemeBackground.UXTHEME(?,?,00000006,00000002,?,00000000,?,00FFFFFF), ref: 00416A5D
                                                  • CloseThemeData.UXTHEME(?), ref: 00416A68
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00416A89
                                                    • Part of subcall function 00416430: GetWindowRect.USER32(?,?), ref: 00416443
                                                    • Part of subcall function 00416430: InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                    • Part of subcall function 00416430: GetParent.USER32(?), ref: 00416467
                                                    • Part of subcall function 00416430: GetParent.USER32(?), ref: 0041647A
                                                    • Part of subcall function 00416430: InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: RectTheme$DataParent$BackgroundCloseDrawInflateInvalidateMessageOpenSendWindow
                                                  • String ID: LISTVIEW
                                                  • API String ID: 2600991427-1680257557
                                                  • Opcode ID: 0229e11747b3cd2e378b549adb87a154061692a6bd490272b80820133ddceee6
                                                  • Instruction ID: fa80797a93d1b306fb8333d11dc9e085901b6c38828278b42b81b7196f356a38
                                                  • Opcode Fuzzy Hash: 0229e11747b3cd2e378b549adb87a154061692a6bd490272b80820133ddceee6
                                                  • Instruction Fuzzy Hash: 415106B56083009FC314DF68C981A6BB7E9FF88744F108A2EF59987390D778E945CB96
                                                  APIs
                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00424680
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042471F
                                                  • SetTimer.USER32(?,00000002,000003E8,00000000), ref: 0042474F
                                                  • KillTimer.USER32(?,00000002), ref: 00424770
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Timer$InvalidateKillRectRedrawWindow
                                                  • String ID: `=
                                                  • API String ID: 4168450595-2762138152
                                                  • Opcode ID: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                  • Instruction ID: 7d708aa27c06dc00fcb9f864fdcaa6ded2618e4328842cf70fbd9c9851442ce7
                                                  • Opcode Fuzzy Hash: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                  • Instruction Fuzzy Hash: 3941A23170021ADFC730EF65EC88B9AB3A5FF85315F50452EE85997290CB78A984CF69
                                                  APIs
                                                  • SHBrowseForFolderW.SHELL32 ref: 0041DC8E
                                                  • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 0041DCBD
                                                  • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0041DD06
                                                  • GetLongPathNameW.KERNEL32(675A81B8,00000000), ref: 0041DD33
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Path$LongName$BrowseFolderFromList
                                                  • String ID: 3402075
                                                  • API String ID: 4132326259-2194680865
                                                  • Opcode ID: bd1580488c3d15575b1391a656ffdd20babe2d7e46e482bada2f60351b01d740
                                                  • Instruction ID: a9706069ea416aad4f302c8e8149c97dc391afa5e31a47db3cf999b1b5352ce6
                                                  • Opcode Fuzzy Hash: bd1580488c3d15575b1391a656ffdd20babe2d7e46e482bada2f60351b01d740
                                                  • Instruction Fuzzy Hash: AD4152715083419FC314EF64DD88AABBBF4FB89710F400A3EF65A922A0DB759944CB5A
                                                  APIs
                                                  • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                  • PathFileExistsW.SHLWAPI(?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                  • SHCreateDirectory.SHELL32(00000000,?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Path$CreateDirectoryExistsFileFolderSpecial
                                                  • String ID: DiskDefrag$\DiskDefrag
                                                  • API String ID: 106629909-1352560241
                                                  • Opcode ID: f1b0aa55b9a1a9fc4a94be1b2fda63a650aa8c59690cdb364ca348087f413052
                                                  • Instruction ID: 938fb3785b8e758ab9aa55aacaf13088161b2d62692eeac53cc892e3a5652775
                                                  • Opcode Fuzzy Hash: f1b0aa55b9a1a9fc4a94be1b2fda63a650aa8c59690cdb364ca348087f413052
                                                  • Instruction Fuzzy Hash: CE4195B16083019BD300EF65DD85AABB7E4FF98714F00453EF54AD2290EB349949CBAB
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ObjectSelect
                                                  • String ID: `=
                                                  • API String ID: 1517587568-2762138152
                                                  • Opcode ID: 116e8130f725741a0df8cffd76ef37318a9139d2394634156b2cf1340f76da15
                                                  • Instruction ID: 398bc34aaeb48a28786a3eeef8d096b9ba9882d646282afc346b5bddce66a1f9
                                                  • Opcode Fuzzy Hash: 116e8130f725741a0df8cffd76ef37318a9139d2394634156b2cf1340f76da15
                                                  • Instruction Fuzzy Hash: 36417E32200A048FD724EFA9E884E6BF3A5EF94321B05852FE84A97611DB35F840CB55
                                                  APIs
                                                  • LoadLibraryW.KERNEL32(PowrProf.dll,00000001,?,0042198D,00000002), ref: 0041E189
                                                  • GetProcAddress.KERNEL32(00000000,SetSuspendState), ref: 0041E19B
                                                  • FreeLibrary.KERNEL32(00000000), ref: 0041E1B7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadProc
                                                  • String ID: PowrProf.dll$SetSuspendState
                                                  • API String ID: 145871493-1420736420
                                                  • Opcode ID: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                  • Instruction ID: 1295b46436a6d6ef84abe92a3e8f017b2096165fdcf3e5832b2fc3faa33b59df
                                                  • Opcode Fuzzy Hash: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                  • Instruction Fuzzy Hash: E2E04F357012606B527117366C48D9F2A68DFC1B91349467EF819D1294DF38C9828AAA
                                                  APIs
                                                    • Part of subcall function 00467820: DeleteObject.GDI32(00000000), ref: 00467935
                                                  • GdiplusShutdown.GDIPLUS(?,?,675A81B8,00093C38,?,?,?,?,00000000,0047812F,000000FF,0041A4F1,675A81B8,00093C38), ref: 00465814
                                                  • DeleteObject.GDI32(?), ref: 004658CF
                                                  • DeleteObject.GDI32(?), ref: 00465921
                                                  • DeleteObject.GDI32(?), ref: 00465973
                                                  • DeleteObject.GDI32(?), ref: 004659C5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: DeleteObject$GdiplusShutdown
                                                  • String ID:
                                                  • API String ID: 1337965791-0
                                                  • Opcode ID: 17216591ef9b180b25b2aa9ddde3603ed2100cc8580b4b92498784189749eb6b
                                                  • Instruction ID: 5b8780734ed73be5f4f2893b0bea8a6c3b62fc8eaf033f1e837d6edea0f0e4aa
                                                  • Opcode Fuzzy Hash: 17216591ef9b180b25b2aa9ddde3603ed2100cc8580b4b92498784189749eb6b
                                                  • Instruction Fuzzy Hash: 8361E6B0505F409FC360DF3A9880B9BFBE4BB48305F90492EE1AE93241DB796548CF5A
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: __aullrem$__aulldiv
                                                  • String ID:
                                                  • API String ID: 3670715282-0
                                                  • Opcode ID: 9c34d576a32de794e1e0b0d0fca0d0e7c205ee0b047ab4e09ce85ba4a67a3df8
                                                  • Instruction ID: fa94849079e70c1b34915df37323d6afc94868806176a113829b563514bd0fbf
                                                  • Opcode Fuzzy Hash: 9c34d576a32de794e1e0b0d0fca0d0e7c205ee0b047ab4e09ce85ba4a67a3df8
                                                  • Instruction Fuzzy Hash: 43311775208305AFD200EA65E881D2FB3E9EBC8749F50491EF98497302D738FD498AB6
                                                  APIs
                                                  • lstrlenW.KERNEL32(0041F6D0,?,75C05540,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000), ref: 004262B5
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,75C05540,00000001,00000000,?,00000000,00000000,?,75C05540,?,?,0041F6D0,00000000,?,00000000), ref: 004262E1
                                                  • GetLastError.KERNEL32(?,75C05540,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000,?), ref: 004262F2
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,75C05540,00000001,00000000,00000000,00000000,00000000,?,75C05540,?,?,0041F6D0,00000000,?,00000000), ref: 0042630F
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,75C05540,00000001,00000000,00000000,00000000,00000000,?,75C05540,?,?,0041F6D0,00000000,?,00000000), ref: 00426330
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                  • String ID:
                                                  • API String ID: 3322701435-0
                                                  • Opcode ID: 406f029fa45b1055b96b03b8e5df20f9be275f8369c24922fb13ea929e72a033
                                                  • Instruction ID: cb33d9e4ec5480741093735bde79ecc2fcd6722e1911622dc14afd3accb78fd4
                                                  • Opcode Fuzzy Hash: 406f029fa45b1055b96b03b8e5df20f9be275f8369c24922fb13ea929e72a033
                                                  • Instruction Fuzzy Hash: 3E1191713803156BE220AFA4ECC6F27769CD745B04F61083DFB45AA2C1D5A47C448668
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Rect$Client$EventMouseTrack
                                                  • String ID:
                                                  • API String ID: 1879027383-0
                                                  • Opcode ID: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                  • Instruction ID: 080451bb04fed4ed38a755b401fe0e9ad2b372c89e4fc55ac88ae6bf0dae2c00
                                                  • Opcode Fuzzy Hash: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                  • Instruction Fuzzy Hash: 84115EB5104745AFD724CF64C848B9B77E8FB84304F10893EE88A87690E7B9E588CB95
                                                  APIs
                                                  • GetDC.USER32(00000000), ref: 0046CF84
                                                  • SelectObject.GDI32(?,?), ref: 0046CFAB
                                                  • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 0046CFCB
                                                  • SelectObject.GDI32(?,00000000), ref: 0046CFDA
                                                  • ReleaseDC.USER32(00000000,?), ref: 0046CFF1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ObjectSelect$Release
                                                  • String ID:
                                                  • API String ID: 3581861777-0
                                                  • Opcode ID: 09afa59c7c7bf345e2bd9cfd905d74781f37247dddbab7f6bac84dc0e12143ed
                                                  • Instruction ID: daceeca4effa55fca9f5214fa6f3dce8251d9e38b51f783a69048b93fac7a53b
                                                  • Opcode Fuzzy Hash: 09afa59c7c7bf345e2bd9cfd905d74781f37247dddbab7f6bac84dc0e12143ed
                                                  • Instruction Fuzzy Hash: 751115B5200601AFC314DFA9C9C8C27B7EAFF88600700C62DB94987601DB35FC45CB64
                                                  APIs
                                                  • GetWindowRect.USER32(?,?), ref: 00416443
                                                  • InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                  • GetParent.USER32(?), ref: 00416467
                                                  • GetParent.USER32(?), ref: 0041647A
                                                  • InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Rect$Parent$InflateInvalidateWindow
                                                  • String ID:
                                                  • API String ID: 3567486610-0
                                                  • Opcode ID: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                  • Instruction ID: 59621ce25ffcf61443309c609473fb22192222cc28d28fc8a60ac4e9d60af83f
                                                  • Opcode Fuzzy Hash: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                  • Instruction Fuzzy Hash: 9BF044B6100304BFC210EB74DC8AD6B77ACFBC8700F008A1DB58A87191EA74F540CB65
                                                  APIs
                                                  • EnterCriticalSection.KERNEL32(00497DC0), ref: 0040122D
                                                  • EnterCriticalSection.KERNEL32(00497DC0), ref: 00401243
                                                  • GdiplusShutdown.GDIPLUS(00000000), ref: 0040124F
                                                  • LeaveCriticalSection.KERNEL32(00497DC0), ref: 00401263
                                                  • LeaveCriticalSection.KERNEL32(00497DC0), ref: 0040126A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$GdiplusShutdown
                                                  • String ID:
                                                  • API String ID: 3506214061-0
                                                  • Opcode ID: 7eae0b955cfe46139e040fd821d45967254a2c9d3517b53231cd44731b97ba61
                                                  • Instruction ID: 085117cba8507ed758f2e3bd9e34728127d7a1f2de7180c4966a7f221b9c7101
                                                  • Opcode Fuzzy Hash: 7eae0b955cfe46139e040fd821d45967254a2c9d3517b53231cd44731b97ba61
                                                  • Instruction Fuzzy Hash: 16E0863166C2145ACA007BB6BC49B663F64AFC0B1471941BFE008B31E0C57855448FFD
                                                  APIs
                                                  • GetCurrentObject.GDI32(?,00000006), ref: 0040496A
                                                  • GetCurrentObject.GDI32(?,00000006), ref: 0040497C
                                                  • GetObjectW.GDI32(?,0000005C,?), ref: 0040498F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Object$Current
                                                  • String ID: Pm)u
                                                  • API String ID: 794720297-3463418517
                                                  • Opcode ID: 1c15ff392ba4ccc552d1cc8ccfec82d3bdfd914156950518807fb3f3c9dd7546
                                                  • Instruction ID: 20de2fea0a77186f2b8b7da5da4347ef9f16a332326cf680508f5ccd498c1f2d
                                                  • Opcode Fuzzy Hash: 1c15ff392ba4ccc552d1cc8ccfec82d3bdfd914156950518807fb3f3c9dd7546
                                                  • Instruction Fuzzy Hash: E2B12AB16083019FC714DF28C984A6BB7E5BBC8710F148A2EF69997395D734E805CB9A
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,675A81B8,?,?), ref: 00426E01
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422F48
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CriticalEnterRedrawSectionWindow
                                                  • String ID: DiskChecked$DiskDefrag$`=
                                                  • API String ID: 142774367-3347577070
                                                  • Opcode ID: aeef45741bab38b063411b41e8f748650579216e3e116eb844468464c405ede7
                                                  • Instruction ID: fed9d3ca3bfe53db5501e1f63bebbc1333baccd255b2eb749adb8bf470123f53
                                                  • Opcode Fuzzy Hash: aeef45741bab38b063411b41e8f748650579216e3e116eb844468464c405ede7
                                                  • Instruction Fuzzy Hash: E151A43170061AABC31CEF6CD995AA9F3A1BB84300F85862EED158B781D7B4B951DBC4
                                                  APIs
                                                  • DeleteObject.GDI32(00000000), ref: 00467935
                                                  • SendMessageW.USER32(?,0000040D,00000000,00000000), ref: 004679CE
                                                  • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004679E4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$DeleteObject
                                                  • String ID: `=
                                                  • API String ID: 4188969710-2762138152
                                                  • Opcode ID: bb304f05f30cbdd69a183ac06b326108be92b73323326cf8809e001b9e6bd276
                                                  • Instruction ID: 57d6ba00d9628d7bc6127d5ab1f70525051783d1f21ea283ef51d44a992bc025
                                                  • Opcode Fuzzy Hash: bb304f05f30cbdd69a183ac06b326108be92b73323326cf8809e001b9e6bd276
                                                  • Instruction Fuzzy Hash: 92612C70A08316DFD714EF64C884A1AB7A5BF84318F1088AEE955A7351E734EC45CFAB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Back$GUBar::CDrawObjectFactory::CreateRectTextDraw$Text
                                                  • API String ID: 0-2901586747
                                                  • Opcode ID: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                  • Instruction ID: 94c29d93b79a1152409cb834b352fc504edd985983e521adcc95b20eb26bf893
                                                  • Opcode Fuzzy Hash: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                  • Instruction Fuzzy Hash: A6514F75604315EFC710DF25C880A6BB7E8EB88754F104A2EF84997380E779ED458B9A
                                                  APIs
                                                  • SendMessageW.USER32(?,0000014E,?,00000000), ref: 004311B1
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004311C3
                                                  Strings
                                                  • DiskDefrag\Setting Option\Gereral\DefragColor, xrefs: 0043118A
                                                  • ColorIndex, xrefs: 00431185
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                  • API String ID: 3850602802-1631410767
                                                  • Opcode ID: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                  • Instruction ID: 3c3eec78f5ba70d7f73749eb8d42c303dcc8a252b1b76d151490117dce650f0e
                                                  • Opcode Fuzzy Hash: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                  • Instruction Fuzzy Hash: F34119717802055BEB10AF75CD82FBA3284DB59764F000A3EFA06EF2D2DA6CDC48466D
                                                  APIs
                                                  • GetSystemPowerStatus.KERNEL32 ref: 00423907
                                                  • GetLongPathNameW.KERNEL32(00000001,00000000), ref: 004239E8
                                                  • GetLongPathNameW.KERNEL32(675A81B8,00000000), ref: 00423A15
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: LongNamePath$PowerStatusSystem
                                                  • String ID: 3400003
                                                  • API String ID: 2229323602-2398869336
                                                  • Opcode ID: 057325de7599dd7353c85ea60434a88cbbf49cf5f83a7ab393cd0de2b9172bd1
                                                  • Instruction ID: 559a5a5f11ad9cbb26b2ef481da3000354db79d5173c1cf665cce4c119cf32f6
                                                  • Opcode Fuzzy Hash: 057325de7599dd7353c85ea60434a88cbbf49cf5f83a7ab393cd0de2b9172bd1
                                                  • Instruction Fuzzy Hash: 3C51C6712083419FD310EF20DD85BABB7F8AF88715F50092EF199921D1DB78AA49CB5A
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,675A81B8,?,?), ref: 00426E01
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422C04
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CriticalEnterRedrawSectionWindow
                                                  • String ID: DiskChecked$DiskDefrag$`=
                                                  • API String ID: 142774367-3347577070
                                                  • Opcode ID: d5e77d074dc722500c1b88aee6bf059e24061e9123afcca7327058d6b3c785ee
                                                  • Instruction ID: 0b9e0d0bd62f39a9103a5831cbb30b95e2098115bf74eedd830be0e4041926e5
                                                  • Opcode Fuzzy Hash: d5e77d074dc722500c1b88aee6bf059e24061e9123afcca7327058d6b3c785ee
                                                  • Instruction Fuzzy Hash: 644196313007059FC728EE2DDD85BAAB7E1BF84304F94852EED468F385DAB4B845C654
                                                  APIs
                                                    • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                    • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,75BFAF60), ref: 0041DB8A
                                                  • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                    • Part of subcall function 0041AA20: SHGetFileInfoW.SHELL32(?,00000000,000002B4,000002B4,00004001), ref: 0041AA4D
                                                  • SendMessageW.USER32(?,00001214,00000004,00000000), ref: 00402B9F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2021305082.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021401117.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021464870.0000000000496000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021486749.0000000000497000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021509821.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021662788.0000000000548000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021681257.000000000054B000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021761404.0000000000556000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021782723.0000000000559000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021801709.000000000055F000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021850080.0000000000562000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021877282.000000000056B000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021939470.0000000000570000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2021976657.000000000059D000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.2022009115.00000000005A1000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: FileInfoMessageSend$DriveDrivesLogicalType
                                                  • String ID: C:\
                                                  • API String ID: 2359154852-3404278061
                                                  • Opcode ID: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                  • Instruction ID: 82d795afe4258906e57f36ef34ec2eb48dfa52df3f098ca2abc9abbdf1da0df4
                                                  • Opcode Fuzzy Hash: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                  • Instruction Fuzzy Hash: D541D6717443406BE324DF61DC86FAA73A4AB84B04F00492DF249AB2C1DBB4A545CB9A
                                                  APIs
                                                  • GetLastError.KERNEL32 ref: 004619BD
                                                  • MessageBoxW.USER32(00000000,?,Disk Defrag,00040010), ref: 004619FE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastMessage
                                                  • String ID: %c:\$Disk Defrag
                                                  • API String ID: 463093485-3222931339
                                                  • Opcode ID: 518deffa12bdbb6d37a9a145068253991ac5e7d9b5727993573dfc0c972e2c19
                                                  • Instruction ID: 731faf273718486ffcde032920aca0e1f319cedce5eb76f7311323341e126d0a
                                                  • Opcode Fuzzy Hash: 518deffa12bdbb6d37a9a145068253991ac5e7d9b5727993573dfc0c972e2c19
                                                  • Instruction Fuzzy Hash: E64195712087419FC324DF25D845B6BB7E4EF84715F044A2EF599C7290EB74A808CB9B
                                                  APIs
                                                  • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,?), ref: 00410C49
                                                  • ExpandEnvironmentStringsW.KERNEL32(%HOMEDRIVE%,?,0000000C), ref: 00410C8F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentExpandInformationStringsVolume
                                                  • String ID: %HOMEDRIVE%$NTFS
                                                  • API String ID: 1751349637-3402063299
                                                  • Opcode ID: 074aaa8893bb910327e97c9f9852001168cb7cda255d028d6430084e15aab4d5
                                                  • Instruction ID: 637acb8aad6857eaaece39300668810a01c8d3601b07b0b48692e68ec32a0e85
                                                  • Opcode Fuzzy Hash: 074aaa8893bb910327e97c9f9852001168cb7cda255d028d6430084e15aab4d5
                                                  • Instruction Fuzzy Hash: 224160706083019BD714DF75CA86BAB77E4AF88704F40493EB949C7291EBB8D984CB5A
                                                  APIs
                                                  • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,0000000C,0000000C,?,?,?,?,?,?,?,004619AE), ref: 004629EC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: InformationVolume
                                                  • String ID: FAT$FAT16$FAT32
                                                  • API String ID: 2039140958-3969911809
                                                  • Opcode ID: 254a78ae61a87bb598648bcb239176478e62f78007c312b98b488536b990b747
                                                  • Instruction ID: 45468f2d8361374e2203d088d382e4daaec04f6418c830f46f854969d88bf3c3
                                                  • Opcode Fuzzy Hash: 254a78ae61a87bb598648bcb239176478e62f78007c312b98b488536b990b747
                                                  • Instruction Fuzzy Hash: 16112175A18300AED754EF789D92B6B77E4AF88704F84492EF848C3251F678D604CB9B
                                                  APIs
                                                  • KillTimer.USER32(?,00000001,00000000), ref: 004226F8
                                                  • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 0042271F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Timer$Kill
                                                  • String ID: 3401028$3401029
                                                  • API String ID: 3307318486-3858196228
                                                  • Opcode ID: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                  • Instruction ID: 02bff0ae68159748c7f69b0dc43338cfbe1eaa20307d0c92b455edf88c414399
                                                  • Opcode Fuzzy Hash: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                  • Instruction Fuzzy Hash: 481184B574470097C3209B64DC81FEAB3A56F88750F20871FF26FA72D1C7A4B8419788
                                                  APIs
                                                  • SetRectEmpty.USER32(0000000C), ref: 0040DE94
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: EmptyRect
                                                  • String ID: Button$CDoubleDraw$Default
                                                  • API String ID: 2270935405-580154339
                                                  • Opcode ID: 46be97038f1fb4e2fb67b84b2aff2fccaa5b1abb12b68c42fd26aa523238d7ea
                                                  • Instruction ID: ef19d2a367d3f1db560aaf5cf05e81b0258e296f30c95c9ac20d7302b86fa88f
                                                  • Opcode Fuzzy Hash: 46be97038f1fb4e2fb67b84b2aff2fccaa5b1abb12b68c42fd26aa523238d7ea
                                                  • Instruction Fuzzy Hash: C611ABB1A447119BD3109F56CC42B97B6E8EB48B24F108A2FF519E72C1D7BC680447DD
                                                  APIs
                                                  • BeginDeferWindowPos.USER32(?), ref: 0046C51A
                                                  • EndDeferWindowPos.USER32(?), ref: 0046C576
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0046C58F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Window$Defer$BeginRedraw
                                                  • String ID: Button_Check
                                                  • API String ID: 2284443614-1860365581
                                                  • Opcode ID: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                  • Instruction ID: 5655fd99f899ac16fa463449df691d44eb2f3411b94b0263f5d23efcf872a4b1
                                                  • Opcode Fuzzy Hash: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                  • Instruction Fuzzy Hash: 5F21EDB4600702AFC310CF29C984A16FBE4BB88310F148A5EE59997261E734F945CB96
                                                  APIs
                                                  • mciSendCommandW.WINMM ref: 0041E210
                                                  • mciGetErrorStringW.WINMM(00000000,?,00000080), ref: 0041E23D
                                                  • mciSendCommandW.WINMM(00000001,00000806,00010000,?), ref: 0041E26C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CommandSend$ErrorString
                                                  • String ID: %s/n
                                                  • API String ID: 1543859921-1476993579
                                                  • Opcode ID: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                  • Instruction ID: bb7bdc0f92cc2694eaa6ee34f7bcc843a23ee59e2d49304dadf9c875fa4d5d80
                                                  • Opcode Fuzzy Hash: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                  • Instruction Fuzzy Hash: 04118671504301BBD360EB54DC46FEFB7E8AF88714F00492EF589D7290E67495588796
                                                  APIs
                                                    • Part of subcall function 00401190: EnterCriticalSection.KERNEL32(00497DC0,00000000,?,?,?,?,?,004014CD,?,?), ref: 00401199
                                                    • Part of subcall function 00401190: GdiplusStartup.GDIPLUS(00497DBC,?,?,?,?,?,?,?,004014CD,?,?), ref: 004011CD
                                                    • Part of subcall function 00401190: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,004014CD,?,?), ref: 004011DD
                                                  • GdipCreateBitmapFromFile.GDIPLUS ref: 004014FA
                                                  • GdipDisposeImage.GDIPLUS(?), ref: 0040152C
                                                  • GdipDisposeImage.GDIPLUS(00000000), ref: 00401559
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Gdip$CriticalDisposeImageSection$BitmapCreateEnterFileFromGdiplusLeaveStartup
                                                  • String ID: >=
                                                  • API String ID: 1500692541-3263226258
                                                  • Opcode ID: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
                                                  • Instruction ID: 2a3b4bfc414dc10881e7eec236f3a1e04021e9235cedc72d475739dca07e05aa
                                                  • Opcode Fuzzy Hash: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
                                                  • Instruction Fuzzy Hash: 2C01A5725043119BC710EF18D885AEFB7E8BFC4358F04892EF588AB260D738DA09C796
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(?,00415319,?,?,675A81B8,?,?,00000000,675A81B8,?,675A81B8,?,00000000,00000000), ref: 00415253
                                                  • LoadLibraryW.KERNEL32(?), ref: 00415264
                                                  • GetProcAddress.KERNEL32(00000000,ImageList_GetImageInfo), ref: 0041527E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                  • String ID: ImageList_GetImageInfo
                                                  • API String ID: 310444273-158344479
                                                  • Opcode ID: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                  • Instruction ID: f55cdba9153e0e1c980a4fac1fe1aa85c7dcce68075fab81bff91a96374b76ea
                                                  • Opcode Fuzzy Hash: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                  • Instruction Fuzzy Hash: 9EF0B275A00B41DFDB208FB8D848B82B7E4AB58715F00C82EA5AEC3611D738E480CF14
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(?,00415489,?,?,675A81B8,?,?,00000000,004070E8,?,675A81B8,?,00000000,00000000), ref: 004153D0
                                                  • LoadLibraryW.KERNEL32(?), ref: 004153E1
                                                  • GetProcAddress.KERNEL32(00000000,ImageList_GetImageCount), ref: 004153FB
                                                  Strings
                                                  • ImageList_GetImageCount, xrefs: 004153F5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                  • String ID: ImageList_GetImageCount
                                                  • API String ID: 310444273-4246500564
                                                  • Opcode ID: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                  • Instruction ID: 982047e8d717f41167e3cd9be7dffe01ffe3abe97b222393831f80d9b05f459f
                                                  • Opcode Fuzzy Hash: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                  • Instruction Fuzzy Hash: 08F07475601B45CFD7208F68D948A87B7E4FB58715B40892EE5AEC3A51D778E880CB08
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(?,00403E46,?,?,675A81B8), ref: 00403DA0
                                                  • LoadLibraryW.KERNEL32(?), ref: 00403DB1
                                                  • GetProcAddress.KERNEL32(00000000,ImageList_AddMasked), ref: 00403DCB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                  • String ID: ImageList_AddMasked
                                                  • API String ID: 310444273-822293376
                                                  • Opcode ID: 2cef274448d629194f45eaed383d3ce2d55fe80bf2e66e2031492a90ae4c9555
                                                  • Instruction ID: f86be7005d8cc87f643f266e3e9cbb46ccc5d3431ffdeeb8f838823e3b4bd8b2
                                                  • Opcode Fuzzy Hash: 2cef274448d629194f45eaed383d3ce2d55fe80bf2e66e2031492a90ae4c9555
                                                  • Instruction Fuzzy Hash: 06F06275611B019FDB209F68D948B06BBF8AF18B15B40883DA5AAD3A55D638E540CB04
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000040), ref: 00423E73
                                                  • SetPriorityClass.KERNEL32(00000000), ref: 00423E7A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ClassCurrentPriorityProcess
                                                  • String ID: DiskDefrag$Priority
                                                  • API String ID: 1822496659-2550450721
                                                  • Opcode ID: 4fd6964c920d56df250ae9ab2acb6b08c2f321825b7161079fb8931e388946b9
                                                  • Instruction ID: 65e6db7a757ac2f859af6c567d4dd87af2ab39161d08e9a40c4738524f0132bc
                                                  • Opcode Fuzzy Hash: 4fd6964c920d56df250ae9ab2acb6b08c2f321825b7161079fb8931e388946b9
                                                  • Instruction Fuzzy Hash: F3D05BB1580300BFE2006B90CC4EF553654EB00705F504419BB09950E2C6F55188C7AE
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000020), ref: 00423E33
                                                  • SetPriorityClass.KERNEL32(00000000), ref: 00423E3A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ClassCurrentPriorityProcess
                                                  • String ID: DiskDefrag$Priority
                                                  • API String ID: 1822496659-2550450721
                                                  • Opcode ID: 127201b981698b300859cc31292a0172134846cda05812359d7de4f29bee327f
                                                  • Instruction ID: 0765593b2bd4a548dc4285e73e255d63b39630105a75dc21cbbf118713a2a5a8
                                                  • Opcode Fuzzy Hash: 127201b981698b300859cc31292a0172134846cda05812359d7de4f29bee327f
                                                  • Instruction Fuzzy Hash: 1DD05B71580300BBE1006B90CC4EF553658EB00705F50441DBB09950E2C6F45188C76A
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000080), ref: 00423EB6
                                                  • SetPriorityClass.KERNEL32(00000000), ref: 00423EBD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ClassCurrentPriorityProcess
                                                  • String ID: DiskDefrag$Priority
                                                  • API String ID: 1822496659-2550450721
                                                  • Opcode ID: 08ddfa592c1efdcbccc132c313bf1a44a42ddabc710bc291cfdf7ca59a51bf9a
                                                  • Instruction ID: cd9b91bb96566d5ac382291ffc385f6ffd504ff47ee525bf2600b2da5630117b
                                                  • Opcode Fuzzy Hash: 08ddfa592c1efdcbccc132c313bf1a44a42ddabc710bc291cfdf7ca59a51bf9a
                                                  • Instruction Fuzzy Hash: F8D05EB1680301BFE200ABD0CC4EF5A3668EB00B05F90881DFB09950E2CAF45188CBAA
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AdjustPointer
                                                  • String ID:
                                                  • API String ID: 1740715915-0
                                                  • Opcode ID: 2f0b33c3719e7fcaed95029fb5341bdd68b0aeebc8bb7a8e810e980fd1942554
                                                  • Instruction ID: 8d54b60b4dbcadace8c8d92a661b26f00d94fd6d5e2cfe78c5a792aa377a4210
                                                  • Opcode Fuzzy Hash: 2f0b33c3719e7fcaed95029fb5341bdd68b0aeebc8bb7a8e810e980fd1942554
                                                  • Instruction Fuzzy Hash: 2451CFB6605203AFDB299F55D845BAEBFA4FF40310F24992DEA05872D1E731AC91CF90
                                                  APIs
                                                  • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C87E
                                                  • GetClientRect.USER32(?,?), ref: 0042C88F
                                                  • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C8C7
                                                  • GetClientRect.USER32(?,?), ref: 0042C8D2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ClientMessageRectSend
                                                  • String ID:
                                                  • API String ID: 166717107-0
                                                  • Opcode ID: b63bd0a3e2817953073069a49dd37508e5c619b6a8f1caab7bdc8737ebf16daf
                                                  • Instruction ID: 1ae2c4f83a303b8bce0181d8b555b548ed397ea70dfa58a9d15d9eacc3878f9d
                                                  • Opcode Fuzzy Hash: b63bd0a3e2817953073069a49dd37508e5c619b6a8f1caab7bdc8737ebf16daf
                                                  • Instruction Fuzzy Hash: FC511AB1204301AFD714DE28CD85FABB7EAFBC4704F008A1DF99953694DBB0AD49CA65
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,675A81B8,?,?), ref: 00426E01
                                                  • GetParent.USER32(?), ref: 00410AB3
                                                  • GetParent.USER32(?), ref: 00410AC5
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105,00000000), ref: 00410AFA
                                                    • Part of subcall function 00414FD0: GetParent.USER32(?), ref: 00414FD4
                                                  • SendMessageW.USER32(?,0000108E,00000000,00000000), ref: 00410AE5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Parent$CriticalEnterMessageRedrawSectionSendWindow
                                                  • String ID:
                                                  • API String ID: 1290606431-0
                                                  • Opcode ID: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                  • Instruction ID: 5206ba9288f2f952280e77a0a87cb2f91fe58ff6aeb235107940afbc2e9b071e
                                                  • Opcode Fuzzy Hash: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                  • Instruction Fuzzy Hash: 5631B1723087049BD320DF64DC81F9BB3A4FB98720F10461EE9498B780DB79E841CB9A
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ClearVariant$AllocString
                                                  • String ID:
                                                  • API String ID: 2502263055-0
                                                  • Opcode ID: 4b2ef0f21c238e92dbe494a8f0535b867e123380ff90faf569da88cc72c8f9fe
                                                  • Instruction ID: d31ef5bb5228e6c3ad645c8f3d1319e11389829958ef149dbed2cab14c92e82a
                                                  • Opcode Fuzzy Hash: 4b2ef0f21c238e92dbe494a8f0535b867e123380ff90faf569da88cc72c8f9fe
                                                  • Instruction Fuzzy Hash: 15316F722087059FC310CF58C880B5BB7E8EF88718F104A2EF95997350DB79E909CB9A
                                                  APIs
                                                  • IsWindow.USER32(?), ref: 0041056D
                                                  • GetWindowRect.USER32(?,?), ref: 0041058D
                                                    • Part of subcall function 0041AA90: GetDC.USER32(?), ref: 0041AADC
                                                    • Part of subcall function 0041AA90: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                    • Part of subcall function 0041AA90: GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                    • Part of subcall function 0041AA90: ReleaseDC.USER32(?,?), ref: 0041AB37
                                                  • GetWindowRect.USER32(?,00000000), ref: 004105E2
                                                  • GetWindowRect.USER32(?,?), ref: 0041063B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Window$Rect$ExtentMessagePoint32ReleaseSendText
                                                  • String ID:
                                                  • API String ID: 2970461787-0
                                                  • Opcode ID: 57304bb34f2a7c9d27d57c86e6bfdf64e083342261e5794d1aa935df15270c11
                                                  • Instruction ID: ce4c3b2ba86c6f6c119685c1f909f4ca062621dcfedb5de8325838dac45ff1a4
                                                  • Opcode Fuzzy Hash: 57304bb34f2a7c9d27d57c86e6bfdf64e083342261e5794d1aa935df15270c11
                                                  • Instruction Fuzzy Hash: E2314071244305AFD204DF61CCC5FABB3E9EBC8748F048A0CF58957290D674EA468B65
                                                  APIs
                                                  • GetDC.USER32(?), ref: 0040F162
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040F17A
                                                  • GetClientRect.USER32(?,?), ref: 0040F19B
                                                  • ReleaseDC.USER32(?,?), ref: 0040F210
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ClientMessageRectReleaseSend
                                                  • String ID:
                                                  • API String ID: 1863454828-0
                                                  • Opcode ID: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                  • Instruction ID: d6bf508d08b3a67db9d2b0dabc6a54fdde4e7c081a099a00f88e8aa49dac70a3
                                                  • Opcode Fuzzy Hash: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                  • Instruction Fuzzy Hash: 7C3128B5204341AFC314DF68C984E5AB7E9FB88610F104A1EF559C3290EB34A905CB55
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: __aulldiv__aullrem
                                                  • String ID:
                                                  • API String ID: 3839614884-0
                                                  • Opcode ID: 6861e29f0088fe8bf2482069452547d46f2b3a812a60965592cc082a0fa155da
                                                  • Instruction ID: 61ee5ff977679a68600c6b3ba5455a9d5faea7aa6e4a004e82da9cd24f1d17ea
                                                  • Opcode Fuzzy Hash: 6861e29f0088fe8bf2482069452547d46f2b3a812a60965592cc082a0fa155da
                                                  • Instruction Fuzzy Hash: 8B21D2B6608351AFC310DE59D880E6BBBE8EBD9305F00495DF8849B302D275EC458BB6
                                                  APIs
                                                    • Part of subcall function 00419AE0: GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                    • Part of subcall function 00419AE0: GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                  • Sleep.KERNEL32(0000000A), ref: 004248FF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleModuleProcSleep
                                                  • String ID: CPUUsageExceed$DiskDefrag\AutoDefragmention$d
                                                  • API String ID: 451317006-1228882529
                                                  • Opcode ID: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                  • Instruction ID: 2aae77fe05b5572fc9a22550ba8b2e73634bf3b6c40b7b563c05c91186231963
                                                  • Opcode Fuzzy Hash: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                  • Instruction Fuzzy Hash: 6021D439B102224BD724DE68DD84BE73351DFC4325F5A4279ED098F382DB66EC468299
                                                  APIs
                                                  • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,00000800,?,00000000), ref: 00463572
                                                  • GetLastError.KERNEL32 ref: 00463581
                                                  • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,?,?,00000000), ref: 004635C1
                                                  • GetLastError.KERNEL32 ref: 004635C7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ControlDeviceErrorLast
                                                  • String ID:
                                                  • API String ID: 2645620995-0
                                                  • Opcode ID: 280114bd6b1db9933460ef4d3ecd134f68ed06276e5ba2ce953f9defbee2e827
                                                  • Instruction ID: 72788d8031d8da8ebdf27af98cafe7d3eb32084a5d4fa9d01f0a72895e77951c
                                                  • Opcode Fuzzy Hash: 280114bd6b1db9933460ef4d3ecd134f68ed06276e5ba2ce953f9defbee2e827
                                                  • Instruction Fuzzy Hash: 8711C4716003412BE3109B169C46BAB769CEBD1710F44483EF548E6151EAA8EA098BEF
                                                  APIs
                                                  • GetDC.USER32(?), ref: 0041AADC
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                  • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                  • ReleaseDC.USER32(?,?), ref: 0041AB37
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ExtentMessagePoint32ReleaseSendText
                                                  • String ID:
                                                  • API String ID: 3220701275-0
                                                  • Opcode ID: f4cd1229affaa01fb9d254a5843e7c69072dcfbfd1d68eba2fa87ff3b855b585
                                                  • Instruction ID: 1850dbf4910a2f6436d9a8060cce1c0b3c7b383cd418d825aeeea627d68539a0
                                                  • Opcode Fuzzy Hash: f4cd1229affaa01fb9d254a5843e7c69072dcfbfd1d68eba2fa87ff3b855b585
                                                  • Instruction Fuzzy Hash: 79213AB5604601AFC714DF68D985F6AB7E8FB8C710F008A2DF459C3690DB74E8448B95
                                                  APIs
                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00503B37
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00503B50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Value___vcrt_
                                                  • String ID:
                                                  • API String ID: 1426506684-0
                                                  • Opcode ID: 4bf36c79f714d2a89cb30e494d94226b7eda414baaf82c223360c7aa9f7a0c6f
                                                  • Instruction ID: 7353190b5c751d0058e391ed670595676dc79ce1cec29b7a24e191303f1d6a31
                                                  • Opcode Fuzzy Hash: 4bf36c79f714d2a89cb30e494d94226b7eda414baaf82c223360c7aa9f7a0c6f
                                                  • Instruction Fuzzy Hash: 3801DE321096225EE7203BA4BC8AA6F3F9CBB82378B20033AF024410E1EB514E516205
                                                  APIs
                                                  • __allrem.LIBCMT ref: 00454FE5
                                                  • __alldvrm.LIBCMT ref: 00454FF8
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045500B
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00455044
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__alldvrm__allrem
                                                  • String ID:
                                                  • API String ID: 2089711351-0
                                                  • Opcode ID: 9e2e06a4a2c618b65764ecf02f880869a055206a9d0490231dd6032392fa1694
                                                  • Instruction ID: 1642b9dd75f3a4511d1f743995959062418e168b9dabd897861ea646df64c966
                                                  • Opcode Fuzzy Hash: 9e2e06a4a2c618b65764ecf02f880869a055206a9d0490231dd6032392fa1694
                                                  • Instruction Fuzzy Hash: 44112AB5A00A00AFC324CF66C985D27BBE9EFC8714721C92EB59A87745D675FC40CB64
                                                  APIs
                                                  • LoadCursorW.USER32(00000000,?), ref: 0046D047
                                                  • LoadCursorW.USER32(00000000,00007F84), ref: 0046D059
                                                  • SetCursor.USER32(?,?,?,?,0046CB00,?,00000000,?,?), ref: 0046D06F
                                                  • DestroyCursor.USER32(00000000), ref: 0046D07A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Cursor$Load$Destroy
                                                  • String ID:
                                                  • API String ID: 2883253431-0
                                                  • Opcode ID: b526f51bf045ccedc4edf904a989a3b1655f38ad34df7115bdfe87dc4000c200
                                                  • Instruction ID: d6e58a44651a1d3402cb24b8e4ad2f5d6b0251b9aafb2ead04931a23fc49c706
                                                  • Opcode Fuzzy Hash: b526f51bf045ccedc4edf904a989a3b1655f38ad34df7115bdfe87dc4000c200
                                                  • Instruction Fuzzy Hash: 3E016771F142189FD730AF6AEC8096B37DCE756318F15083BE108D3211DA79A442877D
                                                  APIs
                                                  • SendMessageW.USER32(00000000,00000401,00000000,00000000), ref: 004676B7
                                                  • SendMessageW.USER32(00000000,00000403,00000003,000001F4), ref: 004676CC
                                                  • SendMessageW.USER32(00000000,00000403,00000002,00001770), ref: 004676E1
                                                  • SendMessageW.USER32(00000000,00000418,00000000,00000190), ref: 004676F6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  • Opcode ID: 3e2714244d5c6f65102f12cb8e05017cbdfaef3b4b34307461ffb964c10c16d6
                                                  • Instruction ID: 05ecc198b00069830d56908e8e3e5e7e1269b8f0e776762def572f81c0fca120
                                                  • Opcode Fuzzy Hash: 3e2714244d5c6f65102f12cb8e05017cbdfaef3b4b34307461ffb964c10c16d6
                                                  • Instruction Fuzzy Hash: 0EF01D717C0B027AE2309A68DC82FA7A2A86B94B02F15582DF359FB1D196B875018E58
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: __aulldiv
                                                  • String ID: `=
                                                  • API String ID: 3732870572-2762138152
                                                  • Opcode ID: 59de480195b1ca1b7c85286dea745b7e675da52321248cfd22c7f778a576f342
                                                  • Instruction ID: d8bfd7cdfac141d9cfdb0ffece5a98f1ca78eb3dd6e2b02cd9253dc2d6ef05f2
                                                  • Opcode Fuzzy Hash: 59de480195b1ca1b7c85286dea745b7e675da52321248cfd22c7f778a576f342
                                                  • Instruction Fuzzy Hash: 6ED137756083409FC314DF69C98092BFBE4BFC8314F05896EF99997311E739E8058BA6
                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3BE
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3D1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: `=
                                                  • API String ID: 885266447-2762138152
                                                  • Opcode ID: fffd3d7282f3ca9193e1cd667b51c6e9b1393ee17bf43d276ed476b0d10faf7b
                                                  • Instruction ID: 5dffe6ef64173943b566a41739161ce8ce63ae2a9ff69b85a90aeb8992a9e3ab
                                                  • Opcode Fuzzy Hash: fffd3d7282f3ca9193e1cd667b51c6e9b1393ee17bf43d276ed476b0d10faf7b
                                                  • Instruction Fuzzy Hash: 24A17A71A043099FC324EF68C98096AB7F5FF89305F14892EE89687312D774F949CB5A
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: __aulldiv
                                                  • String ID: `=
                                                  • API String ID: 3732870572-2762138152
                                                  • Opcode ID: 3015ac86ba649a29268a85483f7edd6aab0f416968bd909a9fe1b0c52b9cb0c5
                                                  • Instruction ID: 84b8ef7fa6ef3b0704b7dcc146b1b846a3d4774a27478fb056f40241b994564c
                                                  • Opcode Fuzzy Hash: 3015ac86ba649a29268a85483f7edd6aab0f416968bd909a9fe1b0c52b9cb0c5
                                                  • Instruction Fuzzy Hash: 46719C71A046049FC724EF64C884A6BB7E4FF88311F14896EFC4687352D775E849CBAA
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,675A81B8,?,?), ref: 00426E01
                                                  • SHQueryRecycleBinW.SHELL32(?,?), ref: 0042B1A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CriticalEnterQueryRecycleSection
                                                  • String ID: C:\$`=
                                                  • API String ID: 1132591718-3292444104
                                                  • Opcode ID: 85201a436fdb5bbfeaee31a0dc8f4d63786e17b77ffd3cec1582f3d352d27140
                                                  • Instruction ID: acc36582b151d86fb2590580dfdaf1570fbc9ca1bde0f0bfc179c8702fc33688
                                                  • Opcode Fuzzy Hash: 85201a436fdb5bbfeaee31a0dc8f4d63786e17b77ffd3cec1582f3d352d27140
                                                  • Instruction Fuzzy Hash: 4F716D71604351CFC720EF64D981BAFB7E4FF88354F41892EE89997250D734A944CBAA
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000000), ref: 00456370
                                                  • GetCurrentProcess.KERNEL32(00000000,?), ref: 004563C5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CurrentProcess
                                                  • String ID: P
                                                  • API String ID: 2050909247-3110715001
                                                  • Opcode ID: 225ffd7624e7e299ef96e9004fd2a35e3cd367921e50112ae392b81e183853ea
                                                  • Instruction ID: d9fc715740b337443135b9810308ba2b6a4282878f9a2242fee2fe4f623e65b9
                                                  • Opcode Fuzzy Hash: 225ffd7624e7e299ef96e9004fd2a35e3cd367921e50112ae392b81e183853ea
                                                  • Instruction Fuzzy Hash: 6951A0716006119BC710DF68D88466AB7A4FF89715F514B2FED2487392CB78EC48CBDA
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,675A81B8,?,?), ref: 00426E01
                                                    • Part of subcall function 004197C0: CoInitialize.OLE32(00000000), ref: 004197EE
                                                    • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                    • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                  • GetLogicalDrives.KERNEL32 ref: 00427273
                                                  • GetDriveTypeW.KERNEL32(?), ref: 004272D7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CreateCriticalDriveDrivesEnterInitializeInstanceLogicalSectionTypeUninitialize
                                                  • String ID: C:\
                                                  • API String ID: 2354564324-3404278061
                                                  • Opcode ID: f60440959189295cd425f4ed1094c27380a597b75a56eb5106b80638b3ca90fc
                                                  • Instruction ID: c90efa92af71126dba6429048660511b38e7c0dbb77debf846213f4ca3b284e1
                                                  • Opcode Fuzzy Hash: f60440959189295cd425f4ed1094c27380a597b75a56eb5106b80638b3ca90fc
                                                  • Instruction Fuzzy Hash: 8A518971A187519FC314DF29D881A5BBBE4FF88714F804A2EF899C7390D734A904CB8A
                                                  APIs
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00430FF8
                                                  Strings
                                                  • DiskDefrag\Setting Option\Gereral, xrefs: 0043102F
                                                  • DefragFinishRingtone, xrefs: 0043102A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: DefragFinishRingtone$DiskDefrag\Setting Option\Gereral
                                                  • API String ID: 3850602802-1318132366
                                                  • Opcode ID: 611e42f2e74a1490c92c656b9c1f4233f09f845737786cc1f03fb69b9647b0cb
                                                  • Instruction ID: 0a2994e761213e214e5a4d6a869241ea1e3b325438042f93d97e0811baed8686
                                                  • Opcode Fuzzy Hash: 611e42f2e74a1490c92c656b9c1f4233f09f845737786cc1f03fb69b9647b0cb
                                                  • Instruction Fuzzy Hash: CE41717074820566EA30B7725D23BAF21489F1CB98F00562FFA19953C2FBEDD885859F
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Catch
                                                  • String ID: MOC$RCC
                                                  • API String ID: 78271584-2084237596
                                                  • Opcode ID: 60d334a2babda9015152320fb1b56685fe8a5b2565357ad46f9000524526b17b
                                                  • Instruction ID: 7f3e499a65fa1b5ee95370a69dc2f62e8b798b9dea4c67a4a9596effe2b86ecb
                                                  • Opcode Fuzzy Hash: 60d334a2babda9015152320fb1b56685fe8a5b2565357ad46f9000524526b17b
                                                  • Instruction Fuzzy Hash: 754159B1900209AFCF15DF98CD85AEEBFB5BF48304F1485A9FA04A6291D335AD60DF50
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,675A81B8,?,?), ref: 00426E01
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422CFC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CriticalEnterRedrawSectionWindow
                                                  • String ID: DiskChecked$DiskDefrag
                                                  • API String ID: 142774367-2981518532
                                                  • Opcode ID: ab5195b4a4bfda73d4f9f3e8bf5c99e646ac860a453a11dc9c20344d76e4ff99
                                                  • Instruction ID: c399ede082bf33e8358967d7bf4ff09710be0966645c3ad0fdc692b3c116348a
                                                  • Opcode Fuzzy Hash: ab5195b4a4bfda73d4f9f3e8bf5c99e646ac860a453a11dc9c20344d76e4ff99
                                                  • Instruction Fuzzy Hash: EE21B1726003189BC728EE1DDD85BDAB7A0AF84700F90452DFE158F282DBB4AA04C798
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021581289.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ~P
                                                  • API String ID: 0-500931198
                                                  • Opcode ID: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
                                                  • Instruction ID: 3f53a812ee88c614be39cb66f25ae1a6b01f6845a1ee28e41b72ee3cff38c9b7
                                                  • Opcode Fuzzy Hash: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
                                                  • Instruction Fuzzy Hash: 62215E72A0820AAFDB10AF619C45A7E7FA9FF493647108525F915971D1D730FC5097A0
                                                  APIs
                                                  • GetVolumeNameForVolumeMountPointW.KERNEL32(?,00000000), ref: 0041DE53
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Volume$MountNamePoint
                                                  • String ID: C:\$DiskDefrag\SSD
                                                  • API String ID: 1269602640-2872339364
                                                  • Opcode ID: cc76f1b3ff457465d13abcf68c2bcec90b57b123ad2d10895c62ec857d4069d2
                                                  • Instruction ID: c621563c8422bd9a998db8b3ae63383a0df01fc5d31629062189869ad5b1e679
                                                  • Opcode Fuzzy Hash: cc76f1b3ff457465d13abcf68c2bcec90b57b123ad2d10895c62ec857d4069d2
                                                  • Instruction Fuzzy Hash: 16316AB1908701AFC314DF64DD85B5ABBE4FB88710F00492EF94A97290E735E948CB9A
                                                  APIs
                                                    • Part of subcall function 00432180: SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                    • Part of subcall function 00432180: SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                  • SendMessageW.USER32(?,0000014E,?,00000000), ref: 00432160
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: DiskDefrag\Setting Option\Optimize$cbbFileSize
                                                  • API String ID: 3850602802-4101677200
                                                  • Opcode ID: a7ecd865da0df2bb232f126fd46e96288e5579d4912ca2fd9b8e9ccdcbeaa992
                                                  • Instruction ID: c484c337b78f61a7d82ad98e4e7a9c8d2f838ff1f30f5547f561464bca46b6c3
                                                  • Opcode Fuzzy Hash: a7ecd865da0df2bb232f126fd46e96288e5579d4912ca2fd9b8e9ccdcbeaa992
                                                  • Instruction Fuzzy Hash: 530121707D021A2BEA147E7A8D93FBE01498B85B08F00993E760BDE2C7CDDD8D484229
                                                  APIs
                                                  • GetVolumeNameForVolumeMountPointW.KERNEL32(?,00000000), ref: 0041DF73
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Volume$MountNamePoint
                                                  • String ID: C:\$DiskDefrag\SSD
                                                  • API String ID: 1269602640-2872339364
                                                  • Opcode ID: 7bf0067fdc715ad62ea400fca28faee1260d6c25cd8764403d7545c4f3a7dbe9
                                                  • Instruction ID: 5d073b895f258575d86a17cdac6f59c45116d1a3496c0b5e65ce3dbb7a15869e
                                                  • Opcode Fuzzy Hash: 7bf0067fdc715ad62ea400fca28faee1260d6c25cd8764403d7545c4f3a7dbe9
                                                  • Instruction Fuzzy Hash: 7B213CB5908301DFC304DF64D985B9ABBE4FF98710F004A2EF45A83290EB74D588CB96
                                                  APIs
                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402044$CPUIdleTime
                                                  • API String ID: 3850602802-2665702501
                                                  • Opcode ID: 54736f6ff506063360bc645a57596676f049b47f42f9e55dd83d5a70f70a9f2e
                                                  • Instruction ID: 11bcaded1eea4243ffe6df52d9d88ed76b2ab53cb2a3c081b775842c2c83da62
                                                  • Opcode Fuzzy Hash: 54736f6ff506063360bc645a57596676f049b47f42f9e55dd83d5a70f70a9f2e
                                                  • Instruction Fuzzy Hash: 7D1182B1644601AFD314DF14DD85FAAB7A4FF48B20F10862EF55EA32D0DB78A844CB59
                                                  APIs
                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402045$CPUUsageExceed
                                                  • API String ID: 3850602802-436957165
                                                  • Opcode ID: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                  • Instruction ID: ba179efc8f1fc514a3e2d6bea4a1845afbd83289b5d047454f20136ff34bde4d
                                                  • Opcode Fuzzy Hash: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                  • Instruction Fuzzy Hash: BB1191B1644601BFD310DF14DD85FAAB7A8FF48B14F108A2EF55EA22D0DB78A844CB59
                                                  APIs
                                                  • GetFileAttributesW.KERNEL32(?,675A81B8,?,?,?,00478D19,000000FF,0045997D,?), ref: 0045CF8C
                                                  • CreateFileW.KERNEL32(?,00000080,00000007,00000000,00000003,20000000,00000000), ref: 0045CFE9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: File$AttributesCreate
                                                  • String ID: \\?\
                                                  • API String ID: 415043291-4282027825
                                                  • Opcode ID: f11458c9079e904aa5ae75219691bf0a44569f0ba620e8f6ec4a81eccf33a641
                                                  • Instruction ID: 901598558c3e4d11bc3258ba10a6420141faa6f62916cefdcf4a46bf13df9223
                                                  • Opcode Fuzzy Hash: f11458c9079e904aa5ae75219691bf0a44569f0ba620e8f6ec4a81eccf33a641
                                                  • Instruction Fuzzy Hash: EB1173766083009FE310CB54EC89F5BB7A9FB84721F10492EF959973D0D7789848C795
                                                  APIs
                                                  • GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                    • Part of subcall function 004197C0: CoInitialize.OLE32(00000000), ref: 004197EE
                                                    • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                    • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                  • GetDriveTypeW.KERNEL32(?,?,?,75BFAF60), ref: 0041DB8A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CreateDriveDrivesInitializeInstanceLogicalTypeUninitialize
                                                  • String ID: C:\
                                                  • API String ID: 16435998-3404278061
                                                  • Opcode ID: e2f6a6bfb6f4e756cf92e2c82beab66c23b35661a5f3d38e2fb29b1420d17423
                                                  • Instruction ID: b0155039b9989220c3f10694d0f533bb6dad7ff0edda0b00871a7334ab537921
                                                  • Opcode Fuzzy Hash: e2f6a6bfb6f4e756cf92e2c82beab66c23b35661a5f3d38e2fb29b1420d17423
                                                  • Instruction Fuzzy Hash: 2901D4B6A183119B8314DF28DCC56AB73A5EB89314B01453FE45AC7251EB78AC84CBCA
                                                  APIs
                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042CF9B
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042CFF6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageRedrawSendWindow
                                                  • String ID: `=
                                                  • API String ID: 1030633669-2762138152
                                                  • Opcode ID: 322b72833a8646d25a97c7267da0ac355cbd00ada31bdbfef420a7c5b9529279
                                                  • Instruction ID: d25022c26ba7c65596874a3e6aca49c08802d942c9937e1375339a52bc2b998b
                                                  • Opcode Fuzzy Hash: 322b72833a8646d25a97c7267da0ac355cbd00ada31bdbfef420a7c5b9529279
                                                  • Instruction Fuzzy Hash: 46018B313006119BD7349A79DA89FDFB3A5AB94700F15481FF24ABB2C0CAF47881C64C
                                                  APIs
                                                  • RegOpenKeyW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\services\BootDefrag), ref: 0041A7F7
                                                  • RegCloseKey.ADVAPI32 ref: 0041A811
                                                    • Part of subcall function 0041A820: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                    • Part of subcall function 0041A820: PathFileExistsW.SHLWAPI(?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                    • Part of subcall function 0041A820: SHCreateDirectory.SHELL32(00000000,?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                  Strings
                                                  • SYSTEM\CurrentControlSet\services\BootDefrag, xrefs: 0041A7E5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Path$CloseCreateDirectoryExistsFileFolderOpenSpecial
                                                  • String ID: SYSTEM\CurrentControlSet\services\BootDefrag
                                                  • API String ID: 2992731242-3464295076
                                                  • Opcode ID: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                  • Instruction ID: 6a09b35f9698f17151a02b8af7ff6770b374517e2ed940df591338b91f7cf978
                                                  • Opcode Fuzzy Hash: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                  • Instruction Fuzzy Hash: 02D012B0215200DAE314BBB1DC45B9E33A4EB40315F10492EB45AC1580CB7894998B6A
                                                  APIs
                                                  • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CompatibleCreateExchangeInterlocked
                                                  • String ID: }I
                                                  • API String ID: 1770991917-1906338323
                                                  • Opcode ID: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                  • Instruction ID: a163272bfcbb607c39215aeccd5f887c100e22747e7019c329861ded96e1c357
                                                  • Opcode Fuzzy Hash: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                  • Instruction Fuzzy Hash: 64D05E2390012056CA10521ABC48FE6672CAF91360F46427EF80DF71609329A8424AAC
                                                  APIs
                                                  • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 004012B2
                                                  • DeleteDC.GDI32(00000000), ref: 004012C4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: DeleteExchangeInterlocked
                                                  • String ID: }I
                                                  • API String ID: 1722977832-1906338323
                                                  • Opcode ID: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                  • Instruction ID: 0f44d1f4ef78c4913e9163893a1f1e1819881c729740a469ce0397d160b8c871
                                                  • Opcode Fuzzy Hash: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                  • Instruction Fuzzy Hash: D1D05E678000205A9A04521ABC48CE7662CDE9536034A427EFC0DF3160D7299C428AAC
                                                  APIs
                                                  • CreateMutexW.KERNEL32(00000000,00000000,{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}), ref: 0041A782
                                                  • GetLastError.KERNEL32 ref: 0041A793
                                                  Strings
                                                  • {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}, xrefs: 0041A779
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CreateErrorLastMutex
                                                  • String ID: {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}
                                                  • API String ID: 1925916568-1835452401
                                                  • Opcode ID: 808971c6715f0aa7f10f9f42aa529678d4de9f456662d07aefcc006699d7f1bb
                                                  • Instruction ID: f658fb253292798967ff69ee4118aed0b3c4d26085bed42abcbed525fae359d1
                                                  • Opcode Fuzzy Hash: 808971c6715f0aa7f10f9f42aa529678d4de9f456662d07aefcc006699d7f1bb
                                                  • Instruction Fuzzy Hash: 80D05E383003019BEB609B30CC9979A35A0AB40742FE0887EF01FE46C0DA6CD5C48E09
                                                  APIs
                                                  • CreateMutexW.KERNEL32(00000000,00000000,{4391F12D-936B-4037-9383-DCB800DF7B65}), ref: 0041A742
                                                  • GetLastError.KERNEL32 ref: 0041A753
                                                  Strings
                                                  • {4391F12D-936B-4037-9383-DCB800DF7B65}, xrefs: 0041A739
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021326683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CreateErrorLastMutex
                                                  • String ID: {4391F12D-936B-4037-9383-DCB800DF7B65}
                                                  • API String ID: 1925916568-3123431990
                                                  • Opcode ID: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                  • Instruction ID: ec8680d88669c7631082afe2fce56944a0d96bb555ced3f370f40cb7f6e8cb2a
                                                  • Opcode Fuzzy Hash: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                  • Instruction Fuzzy Hash: 32D05E343003019BEB646B30CC9539A35A0AB40742FE0887EF01FE46D0EA6CD5D49A09
                                                  APIs
                                                  • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 006090C1
                                                  • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 0060926D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1935667413.0000000000609000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  • Associated: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Virtual$AllocFree
                                                  • String ID:
                                                  • API String ID: 2087232378-0
                                                  • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                  • Instruction ID: bba4459b27bb45b54d8e65905d2f87f9ac8b3eaa7b9440a593184a649f3bb687
                                                  • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                  • Instruction Fuzzy Hash: 33718C71E4424ADFDB45CF98C981BEEBBF2AF09314F244095E465F7282C234AA91DF64
                                                  APIs
                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00609314
                                                    • Part of subcall function 00609098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 006090C1
                                                    • Part of subcall function 00609098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 0060926D
                                                  • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00609366
                                                  • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 006093C0
                                                  • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 006093F3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1935667413.0000000000609000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  • Associated: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Virtual$Alloc$Free$Protect
                                                  • String ID: ,
                                                  • API String ID: 1004437363-3772416878
                                                  • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                  • Instruction ID: 738af253e33fc2844edb25ff7b5a8cc7bc7a71a48a5dee11789a4da4251f10ed
                                                  • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                  • Instruction Fuzzy Hash: C951F875940609AFCB24DFA9C881ADFBBF9FF08344F10851AF959A7281D370E951CBA4
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: __freea$__alloca_probe_16
                                                  • String ID:
                                                  • API String ID: 3509577899-0
                                                  • Opcode ID: 79c57f79f9f80a4f3a8dfd6044341aefcd378521cd034f0e504a31617c91e999
                                                  • Instruction ID: d1db885b2c460c7f991c28e553ecb5acb63478c7e1c3c209997550704900956f
                                                  • Opcode Fuzzy Hash: 79c57f79f9f80a4f3a8dfd6044341aefcd378521cd034f0e504a31617c91e999
                                                  • Instruction Fuzzy Hash: 21517F72640606AFFB299FA4CC85FFB7BAAEF45710F150129FD08962D1EB30ED508660
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,006012D6,00000001,00000364,00000000,?,000000FF,?,006044E3,?,?,00000000), ref: 00601789
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 085d80160dfa5227f2a7b41197a13d189864007badc9068bc10614bbfd70095f
                                                  • Instruction ID: 865f55459af7f6fa8d62cb293d58a0cf4e8bef58b6640882a43ea9e68599decf
                                                  • Opcode Fuzzy Hash: 085d80160dfa5227f2a7b41197a13d189864007badc9068bc10614bbfd70095f
                                                  • Instruction Fuzzy Hash: 93F0E9316C02356BDB6E2A229C55BAB374BDF837B0B198016FC08DE2D0EB70DC0486E4
                                                  APIs
                                                  • LCMapStringEx.KERNELBASE(?,00600C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 00603D75
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: String
                                                  • String ID:
                                                  • API String ID: 2568140703-0
                                                  • Opcode ID: 0945d66e0fc2f7f49b1f81aa2a293dc726ff8842d5d07da23efdc00a5881f432
                                                  • Instruction ID: 740aec800bbd3e0fb76d046b126ff8390ddaf2ff82bd4ff66e6689982e7aeed7
                                                  • Opcode Fuzzy Hash: 0945d66e0fc2f7f49b1f81aa2a293dc726ff8842d5d07da23efdc00a5881f432
                                                  • Instruction Fuzzy Hash: 1AF09D3644022ABBCF165F91DC19DDE3F2BEF48761F098115FA18652A0C732C971EB90
                                                  APIs
                                                  • VirtualFree.KERNELBASE(?,00000000,?), ref: 005FBFCE
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: FreeVirtual
                                                  • String ID:
                                                  • API String ID: 1263568516-0
                                                  • Opcode ID: e60e4068cd93b639c3aa235bc6197db17b8c4abbc8f37a23b828120a77983d2d
                                                  • Instruction ID: 6d62fbc4df2424aea4fad7cdd286ee5a2c4a41254d3b57e97a288d934881401e
                                                  • Opcode Fuzzy Hash: e60e4068cd93b639c3aa235bc6197db17b8c4abbc8f37a23b828120a77983d2d
                                                  • Instruction Fuzzy Hash: 02311671D00209EFDB10CFA9DC90BAEBFF5BB49740F14802AE655A7250D775A904CFA4
                                                  APIs
                                                  • CloseHandle.KERNELBASE(00000000), ref: 005FBCC7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle
                                                  • String ID:
                                                  • API String ID: 2962429428-0
                                                  • Opcode ID: 582b8ab440f79654ec23e2522700c06166e2e5b0b67f1b83b93962facb22cafb
                                                  • Instruction ID: fa5fb0e093ad99c0c3e98ea2d5309ac8326e71ece38ba404fdfbdd6bd7d5ea72
                                                  • Opcode Fuzzy Hash: 582b8ab440f79654ec23e2522700c06166e2e5b0b67f1b83b93962facb22cafb
                                                  • Instruction Fuzzy Hash: 59E06DB5A01617BBA3217B20DD19DBB7A6DFF95742309842AFA10E2240DF24DC01C6B1
                                                  APIs
                                                  • GetMenuItemInfoW.USER32(00000000,00000000,00000001), ref: 0041FAF6
                                                  • GetMenuItemInfoW.USER32(00000000,00000001,00000001,?), ref: 0041FB49
                                                  • GetMenuItemInfoW.USER32(00000000,00000002,00000001,?), ref: 0041FB9C
                                                  • GetSubMenu.USER32(00000000,00000000), ref: 0041FBC3
                                                  • GetSubMenu.USER32(00000000,00000001), ref: 0041FD14
                                                  • GetSubMenu.USER32(?,00000000), ref: 0041FD7A
                                                  • GetSubMenu.USER32(00000000,00000002), ref: 0041FE06
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Menu$InfoItem
                                                  • String ID: $0$3401008$3401009$3401010$3401011$3401012$3401013$3401014$3401015$3401016$3401017$3401018$3401019$3401020$3401021$3401022$3401024$3401098$3401131$^H
                                                  • API String ID: 1040333723-558355984
                                                  • Opcode ID: 57bab4f1923334ec470cd56f5efcc3a9a6a283e0eb4f594bc954c30004842149
                                                  • Instruction ID: 83c1616b1d25a5f5e88f9c25e0e2a21432fc20987b46dd7eda8cdac89d290607
                                                  • Opcode Fuzzy Hash: 57bab4f1923334ec470cd56f5efcc3a9a6a283e0eb4f594bc954c30004842149
                                                  • Instruction Fuzzy Hash: F7811FF0FA031036E794AAA59C53FEB31686F44B44F20C81F760EB25D5C9ACA84556ED
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,?,?,00000000,0000024C), ref: 004112A2
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                  • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                  • StrFormatByteSizeW.SHLWAPI(00000000,?,?,?,00000000,?,?,?,?,?,00000000,0000024C), ref: 0041141C
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                  • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                  • FindClose.KERNEL32(?), ref: 00411483
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: FindPrivateProfileString$File$ByteCloseFirstFormatNextSize
                                                  • String ID: 3401068$3401069$3401070$DefragTime$DefraggedFileCount$DG$LG$TotalDefraggedFileSize$`=$main
                                                  • API String ID: 295610168-2526466113
                                                  • Opcode ID: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                  • Instruction ID: 3dc56caefaff00a374a3ee75e2b4c31a72c5442d79c66a3b7d7afc40f3bd3104
                                                  • Opcode Fuzzy Hash: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                  • Instruction Fuzzy Hash: 6691A771244340AFD320DF21CC46FAB77E8AF88B14F108A2EF65DA71D1DAB56944CB5A
                                                  APIs
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                  • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                  • StrFormatByteSizeW.SHLWAPI(00000000,?,?,?,00000000,?,?,?,?,?,00000000,0000024C), ref: 0041141C
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                  • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                  • FindClose.KERNEL32(?), ref: 00411483
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                  • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                  • API String ID: 2174522762-3670384684
                                                  • Opcode ID: 637e9459b825226f02b753a8a6ecd317c3f6f5394dd561357564af9cc347cd40
                                                  • Instruction ID: faa287cb98b21d4df2f3e2fa49730f9b90f221f68114e230af78a147129465c0
                                                  • Opcode Fuzzy Hash: 637e9459b825226f02b753a8a6ecd317c3f6f5394dd561357564af9cc347cd40
                                                  • Instruction Fuzzy Hash: 82516271204341AFE324DB21CD45FAF77E8AB88B04F10891EF64D972D1DA74A945CB6A
                                                  APIs
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                  • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                  • StrFormatByteSizeW.SHLWAPI(00000000,?,?,?,00000000,?,?,?,?,?,00000000,0000024C), ref: 0041141C
                                                  • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                  • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                  • FindClose.KERNEL32(?), ref: 00411483
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                  • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                  • API String ID: 2174522762-3670384684
                                                  • Opcode ID: 32f377f5775842a14210629ecb5cba280cca974c36c24aed09cdb2c69e2afdbd
                                                  • Instruction ID: 01dd7cb33c618876df907d584398aa6540e784f12a7d1eb18dd06df18f62a64b
                                                  • Opcode Fuzzy Hash: 32f377f5775842a14210629ecb5cba280cca974c36c24aed09cdb2c69e2afdbd
                                                  • Instruction Fuzzy Hash: BB516171204341AFE324DB21CD45FAF77E8AB88B04F10891EF54D972D1DA74A945CB6A
                                                  APIs
                                                  • IsIconic.USER32(?), ref: 0041F916
                                                  • SendMessageW.USER32(?,00000027,?,00000000), ref: 0041F937
                                                  • GetSystemMetrics.USER32(0000000B), ref: 0041F945
                                                  • GetSystemMetrics.USER32(0000000C), ref: 0041F94B
                                                  • GetClientRect.USER32(?,?), ref: 0041F958
                                                  • DrawIcon.USER32(?,?,?,?), ref: 0041F989
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MetricsSystem$ClientDrawIconIconicMessageRectSend
                                                  • String ID: 8F
                                                  • API String ID: 2166663075-180763933
                                                  • Opcode ID: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                  • Instruction ID: c07e6ffc6c3a7e6482c06200d306031f545548e1037b46c62c472d77c4aae73d
                                                  • Opcode Fuzzy Hash: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                  • Instruction Fuzzy Hash: AE3158712086019FD324DF38C989BABB7E8FB88710F144A2EE19A93290DB74E845CB55
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,00421972), ref: 0041E100
                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,00421972), ref: 0041E107
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041E124
                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 0041E148
                                                  • GetLastError.KERNEL32 ref: 0041E14E
                                                  • ExitWindowsEx.USER32(00000001,80020003), ref: 0041E16E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                  • String ID: SeShutdownPrivilege
                                                  • API String ID: 107509674-3733053543
                                                  • Opcode ID: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                  • Instruction ID: ff8bdaaac48f1339d689247c0ac3bb4d0c15d19762690cb1fcb66aa4c131ddab
                                                  • Opcode Fuzzy Hash: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                  • Instruction Fuzzy Hash: 7301FC35644310BFE3109BA8DC49B9B7698BB44B04F40482DFD4DE6191D77499408BDA
                                                  APIs
                                                  • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?), ref: 0045A8C2
                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A915
                                                  • FindFirstFileW.KERNEL32(?,?,?,?,?), ref: 0045A955
                                                  • FindClose.KERNEL32(00000000,?,00000000,00000000,00000001,?,?,?), ref: 0045A9AA
                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A9CE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: DiskFreeSpace$Find$CloseFileFirst
                                                  • String ID: %c:\
                                                  • API String ID: 281833627-3142399695
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
                                                  • FindNextFileW.KERNEL32(?,00000003,?), ref: 00463410
                                                  • FindClose.KERNEL32(?), ref: 0046342D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Find$File$CloseFirstNext
                                                  • String ID: %s%s\$%s*
                                                  • API String ID: 3541575487-790581550
                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32 ref: 00473B49
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00473B5E
                                                  • UnhandledExceptionFilter.KERNEL32(0047CF54), ref: 00473B69
                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00473B85
                                                  • TerminateProcess.KERNEL32(00000000), ref: 00473B8C
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                  • String ID:
                                                  • API String ID: 2579439406-0
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1935667413.0000000000609000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID: -BootTimeDefrag$-InstallNative$-UninstallNative$8<$8F$DiskDefrag$Foucs_Color$Frame_Color$Mid_Back_Color$SeBackupPrivilege$SeRestorePrivilege$Select_Color$Text_Color$Window
                                                  • API String ID: 0-3120907903
                                                  APIs
                                                  • GetCursorPos.USER32(00000000), ref: 0042872A
                                                  • CreatePopupMenu.USER32 ref: 00428751
                                                  • #8.OLEAUT32(3401099,0047D9D0,0047D9D0,0047D9D0,0047D9D0,00000000), ref: 00428778
                                                  • AppendMenuW.USER32(?,00000000,00008022,00000000), ref: 0042878F
                                                  • #8.OLEAUT32(3401128,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004287AA
                                                  • AppendMenuW.USER32(?,00000000,00008027,00000000), ref: 004287BB
                                                  • #8.OLEAUT32(3401127,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004287D6
                                                  • AppendMenuW.USER32(?,00000000,00008028,00000000), ref: 004287E7
                                                  • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 004287F6
                                                  • #8.OLEAUT32(3401032,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 00428811
                                                  • AppendMenuW.USER32(?,00000000,00008023,00000000), ref: 00428822
                                                  • #8.OLEAUT32(3401033,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 0042883D
                                                  • AppendMenuW.USER32(?,00000000,00008024,00000000), ref: 0042884E
                                                  • #8.OLEAUT32(3401086,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 00428869
                                                  • AppendMenuW.USER32(?,00000000,00008025,00000000), ref: 0042887A
                                                  • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 00428889
                                                  • #8.OLEAUT32(10021,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004288A4
                                                  • AppendMenuW.USER32(?,00000000,00008026,00000000), ref: 004288B5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Menu$Append$CreateCursorPopup
                                                  • String ID: 10021$3401032$3401033$3401086$3401099$3401127$3401128
                                                  • API String ID: 2468982102-1766060818
                                                  APIs
                                                    • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                    • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,00094658), ref: 0041DB8A
                                                  • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                  • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                    • Part of subcall function 0041A9B0: SHGetFileInfoW.SHELL32(%SystemRoot%,00000040,000002B4,000002B4,00004011), ref: 0041A9DA
                                                  • SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                  • LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                  • SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                  • SendMessageW.USER32(00000000,00000405,00000001,00000000), ref: 00402370
                                                    • Part of subcall function 00402590: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                  • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004023B9
                                                    • Part of subcall function 00402660: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend$BitmapDriveDrivesFileInfoLoadLogicalType
                                                  • String ID: 3402003$3402041$3402043$3402046$3402047$3402048$8F$CPUIdleTime$CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention$LastDefragmention$tG
                                                  • API String ID: 3599163918-1643340582
                                                  APIs
                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,20000000,?,00000000,?,?,00427EC2,BB40E64E), ref: 0041B4C2
                                                  • OpenServiceW.ADVAPI32(00000000,VSS,00000034,?,?,00000000,?,?,00427EC2,BB40E64E), ref: 0041B4DD
                                                  • CloseServiceHandle.ADVAPI32(00000000,?,00000000,?,?,00427EC2,BB40E64E), ref: 0041B4EA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: OpenService$CloseHandleManager
                                                  • String ID: 0N$VSS
                                                  • API String ID: 4136619037-702027763
                                                  APIs
                                                  • GetComboBoxInfo.USER32 ref: 00416520
                                                  • CreateCompatibleDC.GDI32(?), ref: 0041654D
                                                  • GetMapMode.GDI32(?,00000000), ref: 00416561
                                                  • GetClientRect.USER32(?,?), ref: 0041658E
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 004165AA
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004165D5
                                                  • OpenThemeData.UXTHEME(?,COMBOBOX,?,00FFFFFF,00000000,00000000), ref: 00416607
                                                  • DrawThemeBackground.UXTHEME(00000000,?,00000005,00000003,?,00000000), ref: 00416652
                                                  • DrawThemeBackground.UXTHEME(00000000,?,00000001,00000001,?,00000000), ref: 0041666C
                                                  • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00416673
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0041668C
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004166A3
                                                  • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004167D1
                                                    • Part of subcall function 00416DD0: CopyRect.USER32(?,?), ref: 00416E1C
                                                  • FrameRect.USER32(?,?,00000000), ref: 0041681A
                                                  • CopyRect.USER32(?,?), ref: 0041683E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: RectTheme$MessageSend$BackgroundCompatibleCopyCreateDataDraw$BitmapClientCloseComboFrameInfoModeOpen
                                                  • String ID: 4$8F$COMBOBOX
                                                  • API String ID: 3327461832-961196532
                                                  APIs
                                                  • SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                  • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                  • SendMessageW.USER32(?,0000101E,00000001,0000FFFE), ref: 00432329
                                                    • Part of subcall function 0041D2E0: #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Optimize\OptimizeList,?,?,?,?,00427EC2,BB40E64E), ref: 0041D36A
                                                    • Part of subcall function 0041D2E0: #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D397
                                                  • SendMessageW.USER32(?,00000143,00000000,?), ref: 00432523
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402006$3402028$3402029$3402030$3402031$3402032$3402033$3402034$3402035$3402036$3402037$8F$`=
                                                  • API String ID: 3850602802-3242431549
                                                  • Opcode ID: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                  • Instruction ID: 1f5745e592a7c845df3e12826af7c739e18eef66d9bd278cacb692334ad6c886
                                                  • Opcode Fuzzy Hash: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                  • Instruction Fuzzy Hash: B1A194B0B50301ABD310AF658D82FAE73A5AF48B04F10491FFA5EB76D1D7A8BD00965D
                                                  APIs
                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 004217C5
                                                  • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0042187C
                                                  • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 00421890
                                                  • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004218A6
                                                  • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 004218BC
                                                    • Part of subcall function 00421580: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,?,004217B6,?,BB40E64E), ref: 004215AC
                                                  • GetTickCount.KERNEL32 ref: 004218F0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CountRedrawTickWindow
                                                  • String ID: 3401097$8F$ScheduleStart$`=
                                                  • API String ID: 1016491994-1295084991
                                                  • Opcode ID: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                  • Instruction ID: a2f7d2ab4a79c621e2b3341a28b2bdd177a5bb8c7450e01432b01053e343f094
                                                  • Opcode Fuzzy Hash: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                  • Instruction Fuzzy Hash: 2FB117717003119BC720EF64DCC5FAA77A5AF94710F50493EF9099B2E1DB78A844CBAA
                                                  APIs
                                                  • GdipGetImagePixelFormat.GDIPLUS(?,?), ref: 00401593
                                                  • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 004015F2
                                                  • GdipGetImageWidth.GDIPLUS(?,?,?,?,?,?), ref: 00401613
                                                  • GdipGetImagePaletteSize.GDIPLUS(?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040165A
                                                  • GdipGetImagePalette.GDIPLUS(?,00000008,?,80070057,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 004016CF
                                                  • GdipBitmapLockBits.GDIPLUS(?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040177B
                                                  • GdipBitmapUnlockBits.GDIPLUS(?,?,?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?), ref: 004017F1
                                                  • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00401817
                                                  • GdipGetImageGraphicsContext.GDIPLUS(?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?), ref: 0040182D
                                                  • GdipDrawImageI.GDIPLUS(00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?), ref: 00401840
                                                  • GdipDeleteGraphics.GDIPLUS(00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?), ref: 00401846
                                                  • GdipDisposeImage.GDIPLUS(?,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?), ref: 0040184C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Gdip$Image$Bitmap$BitsGraphicsPalette$ContextCreateDeleteDisposeDrawFormatFromHeightLockPixelScan0SizeUnlockWidth
                                                  • String ID: &$>=
                                                  • API String ID: 1279047860-1654677323
                                                  • Opcode ID: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                  • Instruction ID: 8a788743ff85fe53078408617ba339fa43619964413e8471535d34c3641ef31a
                                                  • Opcode Fuzzy Hash: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                  • Instruction Fuzzy Hash: 66A175B1E002059FDB14DF95D881AAFB7B5EF88304F14852EE919BB351D738E941CBA8
                                                  APIs
                                                  • CoInitialize.OLE32(00000000,BB40E64E,00094658,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004197EE
                                                  • CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                  • CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                  • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00419894
                                                  • CoUninitialize.OLE32 ref: 004198B6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Uninitialize$BlanketCreateInitializeInstanceProxy
                                                  • String ID: Caption$SELECT * from Win32_Volume$WQL
                                                  • API String ID: 3575674281-2330458756
                                                  • Opcode ID: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                  • Instruction ID: d51c13efc7a02c32f90284d818f56e509f551fc104d77d5da5b0aeb1152a1774
                                                  • Opcode Fuzzy Hash: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                  • Instruction Fuzzy Hash: 10A189766083449FC300EF59C890A9BB7E9EF88354F10491EF44997360D779ED89CBA5
                                                  APIs
                                                  • IsWindow.USER32(004216E9), ref: 00422459
                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 004224AE
                                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 004224E0
                                                  • SetTimer.USER32(004216E9,00000001,000003E8,00000000), ref: 0042250F
                                                  • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00422558
                                                  • SendMessageW.USER32(?,00000401,00008013,00000000), ref: 0042256D
                                                  • SendMessageW.USER32(?,00000401,00008007,00000000), ref: 00422582
                                                  • SendMessageW.USER32(?,00000401,0000800C,00000000), ref: 00422597
                                                  • SetTimer.USER32(004216E9,00000064,00000064,00000000), ref: 004225A3
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Timer$Window
                                                  • String ID:
                                                  • API String ID: 389327760-0
                                                  • Opcode ID: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                  • Instruction ID: a9acc03ce2714c2a1218ac3b36ef8cf29172f02598394e016a1efff805efb144
                                                  • Opcode Fuzzy Hash: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                  • Instruction Fuzzy Hash: 7C516170390B00ABE624EB75CC82FD6B395AF44B04F40851DB359AB2D1CBF6B8418B48
                                                  APIs
                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042CAB6
                                                  • IsWindowVisible.USER32(?), ref: 0042CAE7
                                                  • GetParent.USER32(?), ref: 0042CB0D
                                                  • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB22
                                                  • IsWindowVisible.USER32(?), ref: 0042CB35
                                                  • GetParent.USER32(?), ref: 0042CB43
                                                  • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB58
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$NotifyParentVisibleWindow
                                                  • String ID: 8F$LG$`=$F
                                                  • API String ID: 2910063261-562919243
                                                  • Opcode ID: a16c229816da6b7cf5f0a28e1e2d3aecd927b3af40c0253dbdebf6034a51f9bf
                                                  • Instruction ID: cbd818397c052fadd252f380dd8efe1df66f27c17fa2dba641e1c387511c7e9b
                                                  • Opcode Fuzzy Hash: a16c229816da6b7cf5f0a28e1e2d3aecd927b3af40c0253dbdebf6034a51f9bf
                                                  • Instruction Fuzzy Hash: B0511030764700ABE224EF31DDD6FEA7394BB50B04F90842EB25F9A1D19FA47944CB99
                                                  APIs
                                                  • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004159AA
                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00415AB2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402005$3402065$3402067$3402068$3402069$3402070$3402071$3402072$3402084
                                                  • API String ID: 3850602802-328498535
                                                  • Opcode ID: 19e8cdb6f5ee6091fff7530154948aa3e76a5209e14532d290abc9f16ea37a07
                                                  • Instruction ID: 1067327c746e147da740696a904bc1cbb70a89f86cbb7c2e495eb833b01c89ea
                                                  • Opcode Fuzzy Hash: 19e8cdb6f5ee6091fff7530154948aa3e76a5209e14532d290abc9f16ea37a07
                                                  • Instruction Fuzzy Hash: 36413CF0B907407AD260AF618D43FEA3268AF84F04F60C42FB70E765D1CAEC6905969D
                                                  APIs
                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0042C6CB
                                                    • Part of subcall function 0042D010: SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042D041
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: InvalidateMessageRectSend
                                                  • String ID: 3401007$3401034$3401035$8<$DiskDefrag$Frame_Color$Mid_Back_Color$Text_Color$Window$Window_Back_Gray_Color
                                                  • API String ID: 909852535-1675042175
                                                  • Opcode ID: 52757a301fae08faaa59b090e491993efb51acdf8729a0a5be35b6fc276aefa4
                                                  • Instruction ID: 43899c4dce7d941302b132538349e8bcafe351e88f225ab48a7149cde0acca41
                                                  • Opcode Fuzzy Hash: 52757a301fae08faaa59b090e491993efb51acdf8729a0a5be35b6fc276aefa4
                                                  • Instruction Fuzzy Hash: BD316F707907017BD260BAB58C43FEA76A4AF84B04F20891BB65EB75C1CAF874419B9C
                                                  APIs
                                                  • #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Optimize\OptimizeList,?,?,?,?,00427EC2,BB40E64E), ref: 0041D36A
                                                  • #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D397
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: *.avi,*.mpg,*.mpeg,*.mov,*.mkv,*.mp3,*.mp4,*.wmv$*.iso,*.bin$*.zip, *.rar$3403001$3403002$3403003$DiskDefrag\Setting Option\Optimize\OptimizeList$`=
                                                  • API String ID: 0-4238402903
                                                  • Opcode ID: be8af0238dc030f08aca80df25955cefc0936c7b45c5ded25a6e09dc14720ccf
                                                  • Instruction ID: 2b0b8f5636e7c6e0b71de8e83816cfbf5980d60911305a15352c27ff1d92b02b
                                                  • Opcode Fuzzy Hash: be8af0238dc030f08aca80df25955cefc0936c7b45c5ded25a6e09dc14720ccf
                                                  • Instruction Fuzzy Hash: AD61B5B1504345AFC314EF50CC85FABB7B8FF84344F50492EF94A92160EB79A985CB9A
                                                  APIs
                                                  • GetClientRect.USER32(?,?), ref: 0042DA84
                                                  • CreateCompatibleDC.GDI32(?), ref: 0042DAAE
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0042DAD4
                                                  • SelectObject.GDI32(?,?), ref: 0042DAF2
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0042DB00
                                                  • FillRect.USER32(?,?,?), ref: 0042DB38
                                                  • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0042DBBE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CompatibleCreateRect$BitmapClientFillMessageObjectSelectSend
                                                  • String ID: 8F$ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                  • API String ID: 24576784-4007200279
                                                  • Opcode ID: 413f7938cfa32640085c5d27a34cebb069bf0ab9b2ff2f1bc307b4aa97a93b27
                                                  • Instruction ID: 821a5ab27c6a8f9e6b02cc0ac72b1b3995420b0d805852c9f35119affff3cd9f
                                                  • Opcode Fuzzy Hash: 413f7938cfa32640085c5d27a34cebb069bf0ab9b2ff2f1bc307b4aa97a93b27
                                                  • Instruction Fuzzy Hash: F2617EB1608340AFC304DF68D884E5BB7E8FF88714F408A2EF59997291DB74E944CB96
                                                  APIs
                                                  • LoadMenuW.USER32(00000000), ref: 004228FF
                                                  • GetSubMenu.USER32(00000004,00000000), ref: 0042292A
                                                  • GetCursorPos.USER32(BB40E64E), ref: 00422945
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Menu$CursorLoad
                                                  • String ID: 3401032$3401033$3401086$3401087$3401088$[SSD]$^H
                                                  • API String ID: 3043871728-172525985
                                                  • Opcode ID: f940a40794934a51ee4772cd30885b94db5c25453e11a9b3154fe19872a85203
                                                  • Instruction ID: c9e3dbd840687df198e490246c1b34f6b1a62d60348da21d10426e52b8988a23
                                                  • Opcode Fuzzy Hash: f940a40794934a51ee4772cd30885b94db5c25453e11a9b3154fe19872a85203
                                                  • Instruction Fuzzy Hash: 1B4196F17543006AD764EB64DC42F9F72A8AF84B10F20C91FB65EA26C0CEBC640547AD
                                                  APIs
                                                  • SendMessageW.USER32 ref: 0040F806
                                                  • SendMessageW.USER32(?,00001215,00000000,00000000), ref: 0040F82F
                                                  • CopyRect.USER32(?,?), ref: 0040F845
                                                  • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040F876
                                                  • GetClientRect.USER32(?,?), ref: 0040F88B
                                                    • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F0C
                                                    • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F1E
                                                  • SendMessageW.USER32(?,00001209,00000000,00000000), ref: 0040F9EE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageRectSend$Copy$Client
                                                  • String ID: $6$8F
                                                  • API String ID: 201260696-978989186
                                                  • Opcode ID: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                  • Instruction ID: 8b216fbeb9dde18344444fa578b156f2309188772abd6b45e307a88af5c25f20
                                                  • Opcode Fuzzy Hash: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                  • Instruction Fuzzy Hash: C4E141B15083429FD320DF25C580A9BFBE9FF88704F004A2EF49997381D778A949CB96
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                  • SendMessageW.USER32(?,0000102F,00000000,00000000), ref: 004187CD
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004187EF
                                                  • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0041899B
                                                  • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 004189AF
                                                  • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004189C5
                                                  • SendMessageW.USER32(?,00001015,00000000,?), ref: 004189DB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CriticalEnterSection
                                                  • String ID: %.2f%%$%I64u$8F
                                                  • API String ID: 2245208738-1881348792
                                                  • Opcode ID: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                  • Instruction ID: e1e33ad56b98f5e84924c458d64c7c6c02eb77d82da0e984fc61a5a5d3d1ca0d
                                                  • Opcode Fuzzy Hash: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                  • Instruction Fuzzy Hash: 9EA16E71304201AFD368EB24CD85FAFB7B9AF88704F40491EF64697291DBB4AC45CB5A
                                                  APIs
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00418B07
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                    • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                  • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00418BA8
                                                  • SendMessageW.USER32(?,000083FE,?,?), ref: 00418BF6
                                                    • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                  • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 00418C9F
                                                    • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                  • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00418D51
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                  • String ID: /e,/select,"%s%s"$8F$explorer.exe$open
                                                  • API String ID: 206244367-1918814442
                                                  • Opcode ID: f877a975dfb8fd7e3335437b9cdf50eff5a36e5d2e8446bffb34177b6d077c25
                                                  • Instruction ID: 9e016845d88e4024dd1218f79a327356caeee79904b42a6c0a28c628b7da3379
                                                  • Opcode Fuzzy Hash: f877a975dfb8fd7e3335437b9cdf50eff5a36e5d2e8446bffb34177b6d077c25
                                                  • Instruction Fuzzy Hash: 2691E0712047009BD710EF24DD85FDAB7E5BF98704F00092EF945AB286DB78E945CBAA
                                                  APIs
                                                  • GetParent.USER32(?), ref: 00465A5F
                                                  • GetWindowRect.USER32(?,?), ref: 00465A78
                                                  • GetClientRect.USER32(?,?), ref: 00465B27
                                                  • GetDC.USER32(?), ref: 00465B49
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00465B61
                                                  • ReleaseDC.USER32(?,?), ref: 00465BA5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Rect$ClientMessageParentReleaseSendWindow
                                                  • String ID: 8F$Button_Check$F
                                                  • API String ID: 330964712-3764646934
                                                  • Opcode ID: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                  • Instruction ID: b1a5f572caf67006923a9ef52c219ce68de25ddbd2c2a7f7615237fc757273c6
                                                  • Opcode Fuzzy Hash: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                  • Instruction Fuzzy Hash: D0510371600B019FD324DF79C889BA7B3E9BF88704F008A1DE5AA97281DB74B854CF59
                                                  APIs
                                                  • SendMessageW.USER32(?,00000172,00000000,?), ref: 004027B1
                                                  • SendMessageW.USER32(?,00000172,00000000,?), ref: 00402863
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402041$3402042$8F$DiskDefrag$Images$close$open
                                                  • API String ID: 3850602802-2649565445
                                                  • Opcode ID: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                  • Instruction ID: 8150cbd10707325bb4a07bc8764e9056bc1ba0aa629cfab9f1adae748ae802a6
                                                  • Opcode Fuzzy Hash: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                  • Instruction Fuzzy Hash: F8319EB579020027D61576254EA6FBE21661FC4B48F25C22FB30E7B3C2DEED9C41429E
                                                  APIs
                                                  • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0042EAE3
                                                  • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0042EAF7
                                                  • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 0042EB36
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402007$3402033$3402037$3402038$3402039$3402040
                                                  • API String ID: 3850602802-3173017236
                                                  • Opcode ID: 6cbccfbbc1fd63c8a78153f1b809b30710d94fdfea326ecc7c254d81bae311d8
                                                  • Instruction ID: f302c9e8cacf912969436f53e573b816ab0f893bb8e7c3a9347613e7e3a9d812
                                                  • Opcode Fuzzy Hash: 6cbccfbbc1fd63c8a78153f1b809b30710d94fdfea326ecc7c254d81bae311d8
                                                  • Instruction Fuzzy Hash: 0021D7F0BE074035E6B5BA614D43FEE21295F84F49F20880BB75E7A9C2CADC3941629D
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                  • Instruction ID: be2023aef89e17b54fd3cfd96c880170c5f98da2cba37ae09b4ebda1ed5f38f7
                                                  • Opcode Fuzzy Hash: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                  • Instruction Fuzzy Hash: 79C1F4B56083448FC310DF69C884A5BFBE9BFC9714F148A5EE9888B361C775E905CB92
                                                  APIs
                                                  • IsWindow.USER32(?), ref: 004181B6
                                                  • GetWindowRect.USER32(?,00000006), ref: 00418204
                                                  • GetWindowRect.USER32(?,000003FD), ref: 0041827F
                                                  • GetWindowRect.USER32(?,000003FD), ref: 004182FA
                                                  • GetClientRect.USER32(?,?), ref: 0041833E
                                                  • GetWindowRect.USER32(?,?), ref: 00418350
                                                  • SendMessageW.USER32(?,0000101E,00000003,0000FFFE), ref: 004183AA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: RectWindow$ClientMessageSend
                                                  • String ID: 8F
                                                  • API String ID: 1071774122-180763933
                                                  • Opcode ID: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                  • Instruction ID: 3d1e85c786be0547c74fbf31f73b40b43d39c9eef0f0cab4dee81a64cc519da0
                                                  • Opcode Fuzzy Hash: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                  • Instruction Fuzzy Hash: 9951B2713407026BD215EB60CD9AF6F73AAEBC4B04F04491CF6459B2D0EEB4E901879A
                                                  APIs
                                                    • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 00429964
                                                    • Part of subcall function 004298F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0042998F
                                                    • Part of subcall function 004298F0: TranslateMessage.USER32(?), ref: 0042999A
                                                    • Part of subcall function 004298F0: DispatchMessageW.USER32(?), ref: 004299A1
                                                    • Part of subcall function 004298F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004299B0
                                                    • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 004299C9
                                                  • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00424612
                                                    • Part of subcall function 00424C20: SendMessageW.USER32(?,000010A9,?,00000000), ref: 00424C61
                                                    • Part of subcall function 00424C20: SetForegroundWindow.USER32(?), ref: 00424C6D
                                                  • PostMessageW.USER32(?,00000111,00000001,00000000), ref: 0042452F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Message$MultipleObjectsPeekSendWait$DispatchForegroundPostTranslateWindow
                                                  • String ID: "RightMenuDisk"$"RightMenuFile"$-AutoDefragmention$-BootTimeDefrag$8F$ScheduleStart
                                                  • API String ID: 784092869-485786108
                                                  • Opcode ID: ee24571ea037fb3441c670c01d318203056eea9a33b6edfe6f81c85abbded570
                                                  • Instruction ID: c97898347ab5420be132615685895ca4f66fbeb7c47801a8b84119e28bf46611
                                                  • Opcode Fuzzy Hash: ee24571ea037fb3441c670c01d318203056eea9a33b6edfe6f81c85abbded570
                                                  • Instruction Fuzzy Hash: E251C431304310AFC300EF15EDC5A6BB7E4EBD8755F84092EF54A92291DBB89988CB5A
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                  • GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                  • QueryPerformanceFrequency.KERNEL32(00497F28), ref: 00419C49
                                                  • QueryPerformanceCounter.KERNEL32(00497F30), ref: 00419C54
                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00419C70
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00419C9C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: PerformanceQuery$Counter$AddressFrequencyHandleModuleProcUnothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: NtQuerySystemInformation$ntdll
                                                  • API String ID: 3025674679-3593917365
                                                  • Opcode ID: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                  • Instruction ID: d06557f50192d5db3270ba6b6212bac26de826900838c4c68c4281c4e513f8d9
                                                  • Opcode Fuzzy Hash: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                  • Instruction Fuzzy Hash: AF518F71B1C301ABD7149F11FD55AAA37E4FB98780F108C3EE585A2268FB3499418BDD
                                                  APIs
                                                  • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 00454A46
                                                  • CreateFileW.KERNEL32(?,80000000,00000003,00000000), ref: 00454ABC
                                                  • DeviceIoControl.KERNEL32(00000000,00090064,00000000,00000000,00000340,00000060,00000003,00000000), ref: 00454AE8
                                                  • CloseHandle.KERNEL32(00000000), ref: 00454AFA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CloseControlCreateDeviceFileHandleInformationVolume
                                                  • String ID: C:\$JD$NTFS$\\.\C:
                                                  • API String ID: 1233574911-3889828498
                                                  • Opcode ID: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                  • Instruction ID: 7a7ffa21548745985fbbbea45252e330d1802da0f0ea7318edadfa9cc625902c
                                                  • Opcode Fuzzy Hash: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                  • Instruction Fuzzy Hash: DE311D71608300AFE320CF64D885B6BB7F8AF88714F400A2DF549D7291E7B5E584CB5A
                                                  APIs
                                                  • SendMessageW.USER32(?,0000102F,?,00000000), ref: 0042D3DB
                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D3F8
                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D411
                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D433
                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D46C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F$Selected$`=
                                                  • API String ID: 3850602802-3927076241
                                                  • Opcode ID: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                  • Instruction ID: 47af735872212f4aff9019aaa9f39296bd56d2d945b6e3696df55891068cb05b
                                                  • Opcode Fuzzy Hash: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                  • Instruction Fuzzy Hash: 4521D8757407117BE230EB79ED82F9BA3A4AB48B55F504A1AF705A72C1CAB4F801879C
                                                  APIs
                                                  • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 00429964
                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0042998F
                                                  • TranslateMessage.USER32(?), ref: 0042999A
                                                  • DispatchMessageW.USER32(?), ref: 004299A1
                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004299B0
                                                  • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 004299C9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
                                                  • String ID: 0I$@I
                                                  • API String ID: 1800058468-400931512
                                                  • Opcode ID: 422089f6943f840a1857ebeeed2a55ac56a072af819dc62ccc93b1be93c737d0
                                                  • Instruction ID: 4b68c3bfc8aa6a65b644341b41cfaa7d1e4508deb0fbdda8f8db971c9f13aea2
                                                  • Opcode Fuzzy Hash: 422089f6943f840a1857ebeeed2a55ac56a072af819dc62ccc93b1be93c737d0
                                                  • Instruction Fuzzy Hash: D5316BB1604311AFE310CF68DC80F6BB7E5BB88710F504A1DF648DB290E774E9848BA6
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ActiveMessageWindow
                                                  • String ID: 3400001$3400101$3401090$rY
                                                  • API String ID: 3610105657-3605576623
                                                  • Opcode ID: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                  • Instruction ID: 7aa1b3021184ad304fb6d47c852e9f0d985907e1382866191d812cb31a89d144
                                                  • Opcode Fuzzy Hash: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                  • Instruction Fuzzy Hash: 872179F0A50301BBD7106BB49C4AB9A31A8AF54701F50C82BB50EE1550D7BCA8449B6D
                                                  APIs
                                                  • type_info::operator==.LIBVCRUNTIME ref: 005FE960
                                                  • ___TypeMatch.LIBVCRUNTIME ref: 005FEA6E
                                                  • _UnwindNestedFrames.LIBCMT ref: 005FEBC0
                                                  • CallUnexpected.LIBVCRUNTIME ref: 005FEBDB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 2751267872-393685449
                                                  • Opcode ID: c19a6fce0ee18c69e6a6df5abc7fbb45feec23a99ffaf8f8e88c07cc62424b03
                                                  • Instruction ID: 097b6effcaa8aa18da65fbe33cd854b68bb2956b7858ef1c70cb06c4d9df33e6
                                                  • Opcode Fuzzy Hash: c19a6fce0ee18c69e6a6df5abc7fbb45feec23a99ffaf8f8e88c07cc62424b03
                                                  • Instruction Fuzzy Hash: 00B14C3180020EDFCF15EFA4C9469BEBFB6FF54310B14456AEA016B222D779DA51CBA1
                                                  APIs
                                                  • CopyRect.USER32(?,?), ref: 004318DA
                                                  • FrameRect.USER32(?,?,00000000), ref: 004319AA
                                                  • CreateCompatibleDC.GDI32(?), ref: 00431B90
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431BCE
                                                  • SelectObject.GDI32(?,?), ref: 00431BEF
                                                  • AlphaBlend.MSIMG32(?,?,?,?,00000003,?,00000000,00000000,?,00000003,00000000,00000000,00000000,?,?,00F0F0F0), ref: 00431C5D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CompatibleCreateRect$AlphaBitmapBlendCopyFrameObjectSelect
                                                  • String ID: Z
                                                  • API String ID: 54210234-1505515367
                                                  • Opcode ID: 5f029b77f6b4eb3bbc3495fe3d68357bdf896ac53e414383373f8e8c30d0e72a
                                                  • Instruction ID: 0792d4e533d00b1b26a73fc7749f663e28f4755597dc11c0d4e9561af80c2fe6
                                                  • Opcode Fuzzy Hash: 5f029b77f6b4eb3bbc3495fe3d68357bdf896ac53e414383373f8e8c30d0e72a
                                                  • Instruction Fuzzy Hash: 3DC112716083418FC724DF69C984A5BBBE5AFC8704F108A2EF58987391DB74E909CB96
                                                  APIs
                                                    • Part of subcall function 004012D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004768A9,000000FF), ref: 00401305
                                                    • Part of subcall function 004012D0: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,?,004768A9,000000FF), ref: 00401316
                                                    • Part of subcall function 004650D0: GetDC.USER32(00000000), ref: 004650D8
                                                    • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                    • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                    • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                    • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                    • Part of subcall function 004650D0: ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                  • GetSysColor.USER32(0000000F), ref: 00465580
                                                  • SetRect.USER32 ref: 004655DE
                                                  • SetRect.USER32(?,00000005,00000000,00000005,00000000), ref: 004655ED
                                                  • CreateFontW.GDI32(0000000E,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,Arial), ref: 00465611
                                                  • GdiplusStartup.GDIPLUS(?,?,?,00000000,?,?,?,?,?,?,00000005,00000000,00000005,00000000,?,00000000), ref: 00465655
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CapsDevice$CriticalRectSection$ColorCreateEnterFontGdiplusLeaveReleaseStartup
                                                  • String ID: 8<$Arial
                                                  • API String ID: 3457378621-1936108657
                                                  • Opcode ID: c725433711461103541e39f55c0d0007124140c46e9c9449edb99a4a007da462
                                                  • Instruction ID: b865aa364f9357de02ae4fe0840df8cdec7f8c78b7ca9b09445c5b8d1f81986b
                                                  • Opcode Fuzzy Hash: c725433711461103541e39f55c0d0007124140c46e9c9449edb99a4a007da462
                                                  • Instruction Fuzzy Hash: ED8121B09057889EDB70DF2ACC44BCABBE8BF94714F00011FF8489A2A1DBB55604CF99
                                                  APIs
                                                  • GetSubMenu.USER32(00000010,00000002), ref: 0042352E
                                                  • GetCursorPos.USER32(BB40E64E), ref: 00423545
                                                  • SetForegroundWindow.USER32(?), ref: 0042354F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CursorForegroundMenuWindow
                                                  • String ID: 3401016$^H
                                                  • API String ID: 390680170-2641057668
                                                  • Opcode ID: faab93a9ecdda988e109a15ecdd4a0b8bde11ad9370dbf823973790119351b1d
                                                  • Instruction ID: a08165e610b34e817a5423f464ddcc9bce1135992548fc6a69cc7effbf604316
                                                  • Opcode Fuzzy Hash: faab93a9ecdda988e109a15ecdd4a0b8bde11ad9370dbf823973790119351b1d
                                                  • Instruction Fuzzy Hash: 9D31C472304340BBD324DF64D845F6B77A8EB84714F108A2FF50997680DB7DE8448BA9
                                                  APIs
                                                  • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 004557C8
                                                  • GetDiskFreeSpaceW.KERNEL32 ref: 00455855
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: DiskFreeInformationSpaceVolume
                                                  • String ID: C:\$FAT$FAT16$FAT32$NTFS
                                                  • API String ID: 3270478670-3579686192
                                                  APIs
                                                  • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0042F900
                                                  • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0042F916
                                                  • SendMessageW.USER32(?,00001001,00000000,?), ref: 0042FA08
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3401074$3401075$3401076$3401077
                                                  • API String ID: 3850602802-1879149864
                                                  APIs
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105,BB40E64E,00094638,?,?,00421AA0,BB40E64E), ref: 004242B3
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 004242C5
                                                    • Part of subcall function 00425460: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,00000000,?,Button_Check,?,?,00420A23), ref: 004254D9
                                                  • SendMessageW.USER32(?,00000402,?,00000000), ref: 00424398
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: RedrawWindow$MessageSend
                                                  • String ID: %s: %I64u $3401050$3401080$8F
                                                  • API String ID: 730354411-3927339091
                                                  APIs
                                                  • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00424B28
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F
                                                  • API String ID: 3850602802-180763933
                                                  APIs
                                                  • SendMessageW.USER32(00000000,0000000B,00000000,00000000), ref: 00420AB8
                                                  • SendMessageW.USER32(?,0000101D,00000005,00000000), ref: 00420ACA
                                                  • SendMessageW.USER32(?,00001207,00000006,?), ref: 00420AE9
                                                  • GetClientRect.USER32(?,?), ref: 00420AFB
                                                  • SendMessageW.USER32(?,0000101E,00000005), ref: 00420B28
                                                  • SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 00420B37
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$ClientRect
                                                  • String ID: Button_Check
                                                  • API String ID: 1925248871-1860365581
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  APIs
                                                    • Part of subcall function 00467820: DeleteObject.GDI32(00000000), ref: 00467935
                                                  • GdiplusShutdown.GDIPLUS(?,?,BB40E64E,00093C38,?,?,?,?,00000000,0047812F,000000FF,0041A4F1,BB40E64E,00093C38), ref: 00465814
                                                  • DeleteObject.GDI32(?), ref: 004658CF
                                                  • DeleteObject.GDI32(?), ref: 00465921
                                                  • DeleteObject.GDI32(?), ref: 00465973
                                                  • DeleteObject.GDI32(?), ref: 004659C5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: DeleteObject$GdiplusShutdown
                                                  • String ID: 8K
                                                  • API String ID: 1337965791-3211281232
                                                  APIs
                                                  • OpenThemeData.UXTHEME(?,LISTVIEW,00000001), ref: 00416A0B
                                                  • DrawThemeBackground.UXTHEME(?,?,00000006,00000002,?,00000000,?,00FFFFFF), ref: 00416A5D
                                                  • CloseThemeData.UXTHEME(?), ref: 00416A68
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00416A89
                                                    • Part of subcall function 00416430: GetWindowRect.USER32(?,?), ref: 00416443
                                                    • Part of subcall function 00416430: InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                    • Part of subcall function 00416430: GetParent.USER32(?), ref: 00416467
                                                    • Part of subcall function 00416430: GetParent.USER32(?), ref: 0041647A
                                                    • Part of subcall function 00416430: InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: RectTheme$DataParent$BackgroundCloseDrawInflateInvalidateMessageOpenSendWindow
                                                  • String ID: 8F$LISTVIEW
                                                  • API String ID: 2600991427-1963048992
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ActiveMessageWindow
                                                  • String ID: 3400001$3400101$3401090$rY
                                                  • API String ID: 3610105657-3605576623
                                                  APIs
                                                  • _ValidateLocalCookies.LIBCMT ref: 005FD977
                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 005FD97F
                                                  • _ValidateLocalCookies.LIBCMT ref: 005FDA08
                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 005FDA33
                                                  • _ValidateLocalCookies.LIBCMT ref: 005FDA88
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 1170836740-1018135373
                                                  APIs
                                                  • GetClientRect.USER32(?,?), ref: 004674EB
                                                  • GetParent.USER32(?), ref: 004674FB
                                                  • GetWindowRect.USER32(?,?), ref: 0046751B
                                                  • GetParent.USER32(?), ref: 0046752A
                                                  • CreateCompatibleDC.GDI32(?), ref: 00467561
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0046758A
                                                  • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 004675DC
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CompatibleCreateParentRect$BitmapClientWindow
                                                  • String ID:
                                                  • API String ID: 1335343179-0
                                                  • Opcode ID: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                  • Instruction ID: ec974f87df7e9fb3a3618fae45b6badb24d167debaf80877d84b9ed91747ca3a
                                                  • Opcode Fuzzy Hash: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                  • Instruction Fuzzy Hash: 7D411AB1508740AFC315DF68C985E5BBBE8FBD8714F008A1EF59A93290DB74E844CB66
                                                  APIs
                                                  • _TrackMouseEvent.COMCTL32(00000010), ref: 0042E774
                                                  • PtInRect.USER32(?,?,?), ref: 0042E7A7
                                                  • GetClientRect.USER32(?,?), ref: 0042E7C2
                                                  • PtInRect.USER32(?,?,?), ref: 0042E7FC
                                                  • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E821
                                                  • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E83C
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042E84F
                                                  Similarity
                                                  • API ID: RectRedrawWindow$ClientEventMouseTrack
                                                  • String ID:
                                                  • API String ID: 4196163336-0
                                                  • Opcode ID: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                  • Instruction ID: c4f66d3cff0941ef47ae988eb42254fc96aed82a1b76600b02dc3c2c7e15cd00
                                                  • Opcode Fuzzy Hash: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                  • Instruction Fuzzy Hash: F03127B15047059FD314DF69D880AABBBE9FB88314F044A2EF59A83350E770E944CFA6
                                                  APIs
                                                  • SetForegroundWindow.USER32(?), ref: 00423369
                                                  • Shell_NotifyIconW.SHELL32(00000001), ref: 00423448
                                                  • GetLastError.KERNEL32 ref: 00423452
                                                  Strings
                                                  Similarity
                                                  • API ID: ErrorForegroundIconLastNotifyShell_Window
                                                  • String ID: $>$3401082$3401083
                                                  • API String ID: 4150770455-2005305407
                                                  • Opcode ID: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                  • Instruction ID: 90de86b5fd52155df775e515d11431d32a4523fc17091ff82a2e95fa86d8e88e
                                                  • Opcode Fuzzy Hash: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                  • Instruction Fuzzy Hash: E2317EB1644301ABD310DF64DC4AFABB7E4FF44710F10892EF65EA2290DBB9A544CB99
                                                  APIs
                                                  • lstrlenW.KERNEL32(0041F6D0,?,00094638,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000), ref: 004262B5
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,8F,00000001,00000000,?,00000000,00000000,?,00094638,?,?,0041F6D0,00000000,?,00000000), ref: 004262E1
                                                  • GetLastError.KERNEL32(?,00094638,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000,?), ref: 004262F2
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,8F,00000001,00000000,00000000,00000000,00000000,?,00094638,?,?,0041F6D0,00000000,?,00000000), ref: 0042630F
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,8F,00000001,00000000,00000000,00000000,00000000,?,00094638,?,?,0041F6D0,00000000,?,00000000), ref: 00426330
                                                  Strings
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                  • String ID: 8F
                                                  • API String ID: 3322701435-180763933
                                                  • Opcode ID: 406f029fa45b1055b96b03b8e5df20f9be275f8369c24922fb13ea929e72a033
                                                  • Instruction ID: cb33d9e4ec5480741093735bde79ecc2fcd6722e1911622dc14afd3accb78fd4
                                                  • Opcode Fuzzy Hash: 406f029fa45b1055b96b03b8e5df20f9be275f8369c24922fb13ea929e72a033
                                                  • Instruction Fuzzy Hash: 3E1191713803156BE220AFA4ECC6F27769CD745B04F61083DFB45AA2C1D5A47C448668
                                                  APIs
                                                  • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 004055AD
                                                  • GetTextExtentPoint32W.GDI32(?,...,00000003,?), ref: 0040561D
                                                  • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 00405675
                                                  Strings
                                                  Similarity
                                                  • API ID: ExtentPoint32Text
                                                  • String ID: ...$`=
                                                  • API String ID: 223599850-889875407
                                                  • Opcode ID: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                  • Instruction ID: 472bae36e9bbe25dca023677f1d007ac7a5f0ef4219e7f68ecfc9801725c9705
                                                  • Opcode Fuzzy Hash: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                  • Instruction Fuzzy Hash: 31E131755087059FC310DF68C884A5BBBE5FB88304F548A2EF896A33A1D774E885CF96
                                                  APIs
                                                  • SelectObject.GDI32(00000000,00000000), ref: 004042FE
                                                  • GetDIBColorTable.GDI32(00000000,?,00000001,?,?,?,004042D6,?,?,?,?,?,?,?,00000000), ref: 0040431B
                                                  • TransparentBlt.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,004042D6,?,?,?), ref: 00404360
                                                  • SelectObject.GDI32(00000000,?), ref: 004043F4
                                                    • Part of subcall function 00401270: InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                    • Part of subcall function 00401270: CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                  • AlphaBlend.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,?,004042D6,?), ref: 004043AC
                                                  • StretchBlt.GDI32(?,?,?,?,?,00000000,?,?,?,00000000,00CC0020), ref: 004043DE
                                                  Similarity
                                                  • API ID: ObjectSelect$AlphaBlendColorCompatibleCreateExchangeInterlockedStretchTableTransparent
                                                  • String ID:
                                                  • API String ID: 1847558199-0
                                                  • Opcode ID: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                  • Instruction ID: 431ece418818d9ed3e284c2d9fdf2eea9b1bc5e51d71579e1970bbd9de33fc15
                                                  • Opcode Fuzzy Hash: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                  • Instruction Fuzzy Hash: 6641C9B1208740AFD214CB6AC884E2BB7E9EBCD718F108B1DF59DA3691D674ED01CB65
                                                  APIs
                                                  • IsWindowVisible.USER32(?), ref: 0041109B
                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110AE
                                                  • IsWindowVisible.USER32(?), ref: 004110CF
                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110E2
                                                  • IsWindowVisible.USER32(?), ref: 0041110B
                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0041111E
                                                  Similarity
                                                  • API ID: MessageSendVisibleWindow
                                                  • String ID:
                                                  • API String ID: 3984873885-0
                                                  • Opcode ID: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                  • Instruction ID: f50cee19580f5a7b4a735ae81b0960ad1265907f2bd47cc1e7f642e33356c098
                                                  • Opcode Fuzzy Hash: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                  • Instruction Fuzzy Hash: AC21A070A40316ABD730DF759C41BAB7698BB88740F050A3EB649DB391EA75EC80879D
                                                  APIs
                                                  • CreateCompatibleDC.GDI32(?), ref: 0040E9D6
                                                  • LPtoDP.GDI32(?,?,00000002), ref: 0040E9EE
                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EA08
                                                  • GetMapMode.GDI32(?,?,0047D9F0,00000000), ref: 0040EA2E
                                                  • DPtoLP.GDI32(?,?,00000002), ref: 0040EA45
                                                  • GetBkColor.GDI32(?), ref: 0040EA78
                                                  Similarity
                                                  • API ID: CompatibleCreate$BitmapColorMode
                                                  • String ID:
                                                  • API String ID: 451781270-0
                                                  • Opcode ID: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                  • Instruction ID: 3bfa88b0da709e4d3224c5894ad5c167e82e64c80dae2195e34fb9d2b55d46f1
                                                  • Opcode Fuzzy Hash: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                  • Instruction Fuzzy Hash: 3931E975200600AFC724DF65D984D5BB7E9FF88700B448A2DA94A8B646DB34E944CFA5
                                                  APIs
                                                  • GetDC.USER32(00000000), ref: 004650D8
                                                  • GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                  • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                  • ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                  Similarity
                                                  • API ID: CapsDevice$Release
                                                  • String ID:
                                                  • API String ID: 1035833867-0
                                                  • Opcode ID: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                  • Instruction ID: c3f58fe0059228c05da5b00147ff564d140f859395390daa2f6f08e4d30ee4c4
                                                  • Opcode Fuzzy Hash: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                  • Instruction Fuzzy Hash: 5E21FF74900F00AAE3302F21EC89717BBF4FB85741F918D2EE5C5406A0EB3594688B4A
                                                  APIs
                                                  • DeleteObject.GDI32(00000000), ref: 00467935
                                                  • SendMessageW.USER32(?,0000040D,00000000,00000000), ref: 004679CE
                                                  • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004679E4
                                                  Strings
                                                  Similarity
                                                  • API ID: MessageSend$DeleteObject
                                                  • String ID: 8K$`=
                                                  • API String ID: 4188969710-450670534
                                                  • Opcode ID: bb304f05f30cbdd69a183ac06b326108be92b73323326cf8809e001b9e6bd276
                                                  • Instruction ID: 57d6ba00d9628d7bc6127d5ab1f70525051783d1f21ea283ef51d44a992bc025
                                                  • Opcode Fuzzy Hash: bb304f05f30cbdd69a183ac06b326108be92b73323326cf8809e001b9e6bd276
                                                  • Instruction Fuzzy Hash: 92612C70A08316DFD714EF64C884A1AB7A5BF84318F1088AEE955A7351E734EC45CFAB
                                                  APIs
                                                  • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042571B
                                                  • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00425737
                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?,?,?,?,?,?,?), ref: 00425888
                                                  Strings
                                                  Similarity
                                                  • API ID: MessageSend$InvalidateRect
                                                  • String ID: Button_Check$`=
                                                  • API String ID: 2778011698-3236272720
                                                  • Opcode ID: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                  • Instruction ID: 0eaeb928ae6b5a569979d6d52056a3389dc0ef6ae13505e9256ef6b005c906b2
                                                  • Opcode Fuzzy Hash: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                  • Instruction Fuzzy Hash: 55510432304611DFC724EF68D8C4E9BB7A4EF88320F514A2AE95597391D774FC418BAA
                                                  APIs
                                                  • SendMessageW.USER32(?,0000014E,?,00000000), ref: 004311B1
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004311C3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F$ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                  • API String ID: 3850602802-4007200279
                                                  • Opcode ID: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                  • Instruction ID: 3c3eec78f5ba70d7f73749eb8d42c303dcc8a252b1b76d151490117dce650f0e
                                                  • Opcode Fuzzy Hash: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                  • Instruction Fuzzy Hash: F34119717802055BEB10AF75CD82FBA3284DB59764F000A3EFA06EF2D2DA6CDC48466D
                                                  APIs
                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00424680
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042471F
                                                  • SetTimer.USER32(?,00000002,000003E8,00000000), ref: 0042474F
                                                  • KillTimer.USER32(?,00000002), ref: 00424770
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Timer$InvalidateKillRectRedrawWindow
                                                  • String ID: `=
                                                  • API String ID: 4168450595-2762138152
                                                  • Opcode ID: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                  • Instruction ID: 7d708aa27c06dc00fcb9f864fdcaa6ded2618e4328842cf70fbd9c9851442ce7
                                                  • Opcode Fuzzy Hash: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                  • Instruction Fuzzy Hash: 3941A23170021ADFC730EF65EC88B9AB3A5FF85315F50452EE85997290CB78A984CF69
                                                  APIs
                                                  • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                  • PathFileExistsW.SHLWAPI(?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                  • #165.SHELL32(00000000,?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Path$#165ExistsFileFolderSpecial
                                                  • String ID: DiskDefrag$\DiskDefrag
                                                  • API String ID: 3813007343-1352560241
                                                  • Opcode ID: f1b0aa55b9a1a9fc4a94be1b2fda63a650aa8c59690cdb364ca348087f413052
                                                  • Instruction ID: 938fb3785b8e758ab9aa55aacaf13088161b2d62692eeac53cc892e3a5652775
                                                  • Opcode Fuzzy Hash: f1b0aa55b9a1a9fc4a94be1b2fda63a650aa8c59690cdb364ca348087f413052
                                                  • Instruction Fuzzy Hash: CE4195B16083019BD300EF65DD85AABB7E4FF98714F00453EF54AD2290EB349949CBAB
                                                  APIs
                                                    • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                    • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,00094658), ref: 0041DB8A
                                                  • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                    • Part of subcall function 0041AA20: SHGetFileInfoW.SHELL32(?,00000000,000002B4,000002B4,00004001), ref: 0041AA4D
                                                  • SendMessageW.USER32(?,00001214,00000004,00000000), ref: 00402B9F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: FileInfoMessageSend$DriveDrivesLogicalType
                                                  • String ID: 8F$C:\
                                                  • API String ID: 2359154852-3356063517
                                                  • Opcode ID: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                  • Instruction ID: 82d795afe4258906e57f36ef34ec2eb48dfa52df3f098ca2abc9abbdf1da0df4
                                                  • Opcode Fuzzy Hash: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                  • Instruction Fuzzy Hash: D541D6717443406BE324DF61DC86FAA73A4AB84B04F00492DF249AB2C1DBB4A545CB9A
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                  • GetParent.USER32(?), ref: 00410AB3
                                                  • GetParent.USER32(?), ref: 00410AC5
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105,00000000), ref: 00410AFA
                                                    • Part of subcall function 00414FD0: GetParent.USER32(?), ref: 00414FD4
                                                  • SendMessageW.USER32(?,0000108E,00000000,00000000), ref: 00410AE5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Parent$CriticalEnterMessageRedrawSectionSendWindow
                                                  • String ID: 8F
                                                  • API String ID: 1290606431-180763933
                                                  • Opcode ID: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                  • Instruction ID: 5206ba9288f2f952280e77a0a87cb2f91fe58ff6aeb235107940afbc2e9b071e
                                                  • Opcode Fuzzy Hash: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                  • Instruction Fuzzy Hash: 5631B1723087049BD320DF64DC81F9BB3A4FB98720F10461EE9498B780DB79E841CB9A
                                                  APIs
                                                  • GetDC.USER32(?), ref: 0040F162
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040F17A
                                                  • GetClientRect.USER32(?,?), ref: 0040F19B
                                                  • ReleaseDC.USER32(?,?), ref: 0040F210
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: ClientMessageRectReleaseSend
                                                  • String ID: 8F
                                                  • API String ID: 1863454828-180763933
                                                  • Opcode ID: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                  • Instruction ID: d6bf508d08b3a67db9d2b0dabc6a54fdde4e7c081a099a00f88e8aa49dac70a3
                                                  • Opcode Fuzzy Hash: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                  • Instruction Fuzzy Hash: 7C3128B5204341AFC314DF68C984E5AB7E9FB88610F104A1EF559C3290EB34A905CB55
                                                  APIs
                                                  • GetDC.USER32(?), ref: 0041AADC
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                  • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                  • ReleaseDC.USER32(?,?), ref: 0041AB37
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: ExtentMessagePoint32ReleaseSendText
                                                  • String ID: 8F
                                                  • API String ID: 3220701275-180763933
                                                  • Opcode ID: f4cd1229affaa01fb9d254a5843e7c69072dcfbfd1d68eba2fa87ff3b855b585
                                                  • Instruction ID: 1850dbf4910a2f6436d9a8060cce1c0b3c7b383cd418d825aeeea627d68539a0
                                                  • Opcode Fuzzy Hash: f4cd1229affaa01fb9d254a5843e7c69072dcfbfd1d68eba2fa87ff3b855b585
                                                  • Instruction Fuzzy Hash: 79213AB5604601AFC714DF68D985F6AB7E8FB8C710F008A2DF459C3690DB74E8448B95
                                                  APIs
                                                  • LoadLibraryW.KERNEL32(PowrProf.dll,00000001,?,0042198D,00000002), ref: 0041E189
                                                  • GetProcAddress.KERNEL32(00000000,SetSuspendState), ref: 0041E19B
                                                  • FreeLibrary.KERNEL32(00000000), ref: 0041E1B7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadProc
                                                  • String ID: PowrProf.dll$SetSuspendState
                                                  • API String ID: 145871493-1420736420
                                                  • Opcode ID: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                  • Instruction ID: 1295b46436a6d6ef84abe92a3e8f017b2096165fdcf3e5832b2fc3faa33b59df
                                                  • Opcode Fuzzy Hash: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                  • Instruction Fuzzy Hash: E2E04F357012606B527117366C48D9F2A68DFC1B91349467EF819D1294DF38C9828AAA
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Rect$Client$EventMouseTrack
                                                  • String ID:
                                                  • API String ID: 1879027383-0
                                                  • Opcode ID: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                  • Instruction ID: 080451bb04fed4ed38a755b401fe0e9ad2b372c89e4fc55ac88ae6bf0dae2c00
                                                  • Opcode Fuzzy Hash: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                  • Instruction Fuzzy Hash: 84115EB5104745AFD724CF64C848B9B77E8FB84304F10893EE88A87690E7B9E588CB95
                                                  APIs
                                                  • GetWindowRect.USER32(?,?), ref: 00416443
                                                  • InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                  • GetParent.USER32(?), ref: 00416467
                                                  • GetParent.USER32(?), ref: 0041647A
                                                  • InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Rect$Parent$InflateInvalidateWindow
                                                  • String ID:
                                                  • API String ID: 3567486610-0
                                                  • Opcode ID: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                  • Instruction ID: 59621ce25ffcf61443309c609473fb22192222cc28d28fc8a60ac4e9d60af83f
                                                  • Opcode Fuzzy Hash: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                  • Instruction Fuzzy Hash: 9BF044B6100304BFC210EB74DC8AD6B77ACFBC8700F008A1DB58A87191EA74F540CB65
                                                  APIs
                                                  • EnterCriticalSection.KERNEL32(00497DC0), ref: 0040122D
                                                  • EnterCriticalSection.KERNEL32(00497DC0), ref: 00401243
                                                  • GdiplusShutdown.GDIPLUS(00000000), ref: 0040124F
                                                  • LeaveCriticalSection.KERNEL32(00497DC0), ref: 00401263
                                                  • LeaveCriticalSection.KERNEL32(00497DC0), ref: 0040126A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$GdiplusShutdown
                                                  • String ID:
                                                  • API String ID: 3506214061-0
                                                  • Opcode ID: 7eae0b955cfe46139e040fd821d45967254a2c9d3517b53231cd44731b97ba61
                                                  • Instruction ID: 085117cba8507ed758f2e3bd9e34728127d7a1f2de7180c4966a7f221b9c7101
                                                  • Opcode Fuzzy Hash: 7eae0b955cfe46139e040fd821d45967254a2c9d3517b53231cd44731b97ba61
                                                  • Instruction Fuzzy Hash: 16E0863166C2145ACA007BB6BC49B663F64AFC0B1471941BFE008B31E0C57855448FFD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Back$GUBar::CDrawObjectFactory::CreateRectTextDraw$Text
                                                  • API String ID: 0-2901586747
                                                  • Opcode ID: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                  • Instruction ID: 94c29d93b79a1152409cb834b352fc504edd985983e521adcc95b20eb26bf893
                                                  • Opcode Fuzzy Hash: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                  • Instruction Fuzzy Hash: A6514F75604315EFC710DF25C880A6BB7E8EB88754F104A2EF84997380E779ED458B9A
                                                  APIs
                                                  • #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Exclude,?,?,?,?,00427EC2,BB40E64E), ref: 0041D7DA
                                                  • #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D807
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: DiskDefrag\Setting Option\Exclude$`=
                                                  • API String ID: 0-3794877113
                                                  • Opcode ID: a4280b9b7dc6183126e2422d7be14f92861be999e049e1a1ed44a2a1cceede15
                                                  • Instruction ID: 1b5e8dd470563cbc387b5fcd8bef698c16006e04536aa332a21aa0bb045417de
                                                  • Opcode Fuzzy Hash: a4280b9b7dc6183126e2422d7be14f92861be999e049e1a1ed44a2a1cceede15
                                                  • Instruction Fuzzy Hash: 9041A371504245AFD304EF55CD85EABBBF8FF88348F00092EF95A82250EB75E944CBA6
                                                  APIs
                                                  • GetSystemPowerStatus.KERNEL32 ref: 00423907
                                                  • GetLongPathNameW.KERNEL32(00000001,00000000), ref: 004239E8
                                                  • GetLongPathNameW.KERNEL32(BB40E64E,00000000), ref: 00423A15
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: LongNamePath$PowerStatusSystem
                                                  • String ID: 3400003
                                                  • API String ID: 2229323602-2398869336
                                                  • Opcode ID: 057325de7599dd7353c85ea60434a88cbbf49cf5f83a7ab393cd0de2b9172bd1
                                                  • Instruction ID: 559a5a5f11ad9cbb26b2ef481da3000354db79d5173c1cf665cce4c119cf32f6
                                                  • Opcode Fuzzy Hash: 057325de7599dd7353c85ea60434a88cbbf49cf5f83a7ab393cd0de2b9172bd1
                                                  • Instruction Fuzzy Hash: 3C51C6712083419FD310EF20DD85BABB7F8AF88715F50092EF199921D1DB78AA49CB5A
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422C04
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: CriticalEnterRedrawSectionWindow
                                                  • String ID: DiskChecked$DiskDefrag$`=
                                                  • API String ID: 142774367-3347577070
                                                  • Opcode ID: d5e77d074dc722500c1b88aee6bf059e24061e9123afcca7327058d6b3c785ee
                                                  • Instruction ID: 0b9e0d0bd62f39a9103a5831cbb30b95e2098115bf74eedd830be0e4041926e5
                                                  • Opcode Fuzzy Hash: d5e77d074dc722500c1b88aee6bf059e24061e9123afcca7327058d6b3c785ee
                                                  • Instruction Fuzzy Hash: 644196313007059FC728EE2DDD85BAAB7E1BF84304F94852EED468F385DAB4B845C654
                                                  APIs
                                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 004222D6
                                                  • SendMessageW.USER32(?,00001015,?,?), ref: 00422367
                                                  • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 00422400
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F
                                                  • API String ID: 3850602802-180763933
                                                  • Opcode ID: 447f9f9946ccff9b1b99764a0f42122032f9790cb51c1b014e12d9a983ad3545
                                                  • Instruction ID: 003c1d75d670e48058873593885aa4881fdd5922b449336556b7ec6c7a2bda3d
                                                  • Opcode Fuzzy Hash: 447f9f9946ccff9b1b99764a0f42122032f9790cb51c1b014e12d9a983ad3545
                                                  • Instruction Fuzzy Hash: 43418071604311AFC710EF29E880AABB7E4FF88314F444A2EF959DB241D778A944CB95
                                                  APIs
                                                  • #8.OLEAUT32(3401129,?,0047D9D0,0047D9D0,0047D9D0), ref: 004259D2
                                                  • #8.OLEAUT32(3401130,0047D9D0,0047D9D0,0047D9D0,0047D9D0,?,?,?,?,?,?,?,?,?,?), ref: 00425A0B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 3401129$3401130
                                                  • API String ID: 0-1376210773
                                                  • Opcode ID: f75ec2c0ac9a0af7f618d4b75ecfcfa7dd7948d3cf15e991352d6c15fd79f6bb
                                                  • Instruction ID: 290a2bb6d7e4a4517d003926c088f46f9fe0c42f71943b9fab805552d124ffae
                                                  • Opcode Fuzzy Hash: f75ec2c0ac9a0af7f618d4b75ecfcfa7dd7948d3cf15e991352d6c15fd79f6bb
                                                  • Instruction Fuzzy Hash: 1141D8B1A04701AFC314EF54DD82F9BB7A8EF84714F104A2FFD5997281D778A8098799
                                                  APIs
                                                  • GetLastError.KERNEL32 ref: 004619BD
                                                  • MessageBoxW.USER32(00000000,?,Disk Defrag,00040010), ref: 004619FE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastMessage
                                                  • String ID: %c:\$Disk Defrag
                                                  • API String ID: 463093485-3222931339
                                                  • Opcode ID: 518deffa12bdbb6d37a9a145068253991ac5e7d9b5727993573dfc0c972e2c19
                                                  • Instruction ID: 731faf273718486ffcde032920aca0e1f319cedce5eb76f7311323341e126d0a
                                                  • Opcode Fuzzy Hash: 518deffa12bdbb6d37a9a145068253991ac5e7d9b5727993573dfc0c972e2c19
                                                  • Instruction Fuzzy Hash: E64195712087419FC324DF25D845B6BB7E4EF84715F044A2EF599C7290EB74A808CB9B
                                                  APIs
                                                    • Part of subcall function 00432180: SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                    • Part of subcall function 00432180: SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                  • SendMessageW.USER32(?,0000014E,?,00000000), ref: 00432160
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F$DiskDefrag\Setting Option\Optimize$cbbFileSize
                                                  • API String ID: 3850602802-3449206993
                                                  • Opcode ID: 5d012cc000ad30419fbe295ad9283da05f428964ef3f062ec2218de17c19c3bd
                                                  • Instruction ID: c484c337b78f61a7d82ad98e4e7a9c8d2f838ff1f30f5547f561464bca46b6c3
                                                  • Opcode Fuzzy Hash: 5d012cc000ad30419fbe295ad9283da05f428964ef3f062ec2218de17c19c3bd
                                                  • Instruction Fuzzy Hash: 530121707D021A2BEA147E7A8D93FBE01498B85B08F00993E760BDE2C7CDDD8D484229
                                                  APIs
                                                  • LoadBitmapW.USER32(00000000,0000008F), ref: 004020B8
                                                  • LoadBitmapW.USER32(00000000,0000008E), ref: 004020D8
                                                    • Part of subcall function 00402140: SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                    • Part of subcall function 00402140: SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                    • Part of subcall function 00402140: SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                    • Part of subcall function 00402140: LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                    • Part of subcall function 00402140: SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                    • Part of subcall function 00402A30: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                    • Part of subcall function 00402A30: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                  • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 00402121
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$BitmapLoad$FileInfo
                                                  • String ID: 8F
                                                  • API String ID: 945603440-180763933
                                                  • Opcode ID: 6219d86c06f6b4ea9bab356f1641f6868412c7640f0c57d9bdc72cfda1377a77
                                                  • Instruction ID: 6e2bdab270fbbe96b848c0bd2341101d434f26038ac6356a5de8eec39d30edc5
                                                  • Opcode Fuzzy Hash: 6219d86c06f6b4ea9bab356f1641f6868412c7640f0c57d9bdc72cfda1377a77
                                                  • Instruction Fuzzy Hash: 2411737078071535E130B6B2CE4BFEA224CAF14B04F00452EB759BA1D2CDEC694042AE
                                                  APIs
                                                  • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,0000000C,0000000C,?,?,?,?,?,?,?,004619AE), ref: 004629EC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: InformationVolume
                                                  • String ID: FAT$FAT16$FAT32
                                                  • API String ID: 2039140958-3969911809
                                                  • Opcode ID: 254a78ae61a87bb598648bcb239176478e62f78007c312b98b488536b990b747
                                                  • Instruction ID: 45468f2d8361374e2203d088d382e4daaec04f6418c830f46f854969d88bf3c3
                                                  • Opcode Fuzzy Hash: 254a78ae61a87bb598648bcb239176478e62f78007c312b98b488536b990b747
                                                  • Instruction Fuzzy Hash: 16112175A18300AED754EF789D92B6B77E4AF88704F84492EF848C3251F678D604CB9B
                                                  APIs
                                                  • KillTimer.USER32(?,00000001,00000000), ref: 004226F8
                                                  • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 0042271F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Timer$Kill
                                                  • String ID: 3401028$3401029
                                                  • API String ID: 3307318486-3858196228
                                                  • Opcode ID: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                  • Instruction ID: 02bff0ae68159748c7f69b0dc43338cfbe1eaa20307d0c92b455edf88c414399
                                                  • Opcode Fuzzy Hash: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                  • Instruction Fuzzy Hash: 481184B574470097C3209B64DC81FEAB3A56F88750F20871FF26FA72D1C7A4B8419788
                                                  APIs
                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402044$8F$CPUIdleTime
                                                  • API String ID: 3850602802-857541521
                                                  • Opcode ID: 54736f6ff506063360bc645a57596676f049b47f42f9e55dd83d5a70f70a9f2e
                                                  • Instruction ID: 11bcaded1eea4243ffe6df52d9d88ed76b2ab53cb2a3c081b775842c2c83da62
                                                  • Opcode Fuzzy Hash: 54736f6ff506063360bc645a57596676f049b47f42f9e55dd83d5a70f70a9f2e
                                                  • Instruction Fuzzy Hash: 7D1182B1644601AFD314DF14DD85FAAB7A4FF48B20F10862EF55EA32D0DB78A844CB59
                                                  APIs
                                                  • BeginDeferWindowPos.USER32(?), ref: 0046C51A
                                                  • EndDeferWindowPos.USER32(?), ref: 0046C576
                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0046C58F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Window$Defer$BeginRedraw
                                                  • String ID: Button_Check
                                                  • API String ID: 2284443614-1860365581
                                                  • Opcode ID: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                  • Instruction ID: 5655fd99f899ac16fa463449df691d44eb2f3411b94b0263f5d23efcf872a4b1
                                                  • Opcode Fuzzy Hash: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                  • Instruction Fuzzy Hash: 5F21EDB4600702AFC310CF29C984A16FBE4BB88310F148A5EE59997261E734F945CB96
                                                  APIs
                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 3402045$8F$CPUUsageExceed
                                                  • API String ID: 3850602802-3685332712
                                                  • Opcode ID: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                  • Instruction ID: ba179efc8f1fc514a3e2d6bea4a1845afbd83289b5d047454f20136ff34bde4d
                                                  • Opcode Fuzzy Hash: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                  • Instruction Fuzzy Hash: BB1191B1644601BFD310DF14DD85FAAB7A8FF48B14F108A2EF55EA22D0DB78A844CB59
                                                  APIs
                                                  • mciSendCommandW.WINMM ref: 0041E210
                                                  • mciGetErrorStringW.WINMM(00000000,?,00000080,00000001,00000001,?), ref: 0041E23D
                                                  • mciSendCommandW.WINMM(00000001,00000806,00010000,?), ref: 0041E26C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CommandSend$ErrorString
                                                  • String ID: %s/n
                                                  • API String ID: 1543859921-1476993579
                                                  • Opcode ID: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                  • Instruction ID: bb7bdc0f92cc2694eaa6ee34f7bcc843a23ee59e2d49304dadf9c875fa4d5d80
                                                  • Opcode Fuzzy Hash: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                  • Instruction Fuzzy Hash: 04118671504301BBD360EB54DC46FEFB7E8AF88714F00492EF589D7290E67495588796
                                                  APIs
                                                    • Part of subcall function 00401190: EnterCriticalSection.KERNEL32(00497DC0,00000000,?,?,?,?,?,004014CD,?,?), ref: 00401199
                                                    • Part of subcall function 00401190: GdiplusStartup.GDIPLUS(00497DBC,?,?,?,?,?,?,?,004014CD,?,?), ref: 004011CD
                                                    • Part of subcall function 00401190: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,004014CD,?,?), ref: 004011DD
                                                  • GdipCreateBitmapFromFile.GDIPLUS ref: 004014FA
                                                  • GdipDisposeImage.GDIPLUS(?), ref: 0040152C
                                                  • GdipDisposeImage.GDIPLUS(00000000), ref: 00401559
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Gdip$CriticalDisposeImageSection$BitmapCreateEnterFileFromGdiplusLeaveStartup
                                                  • String ID: >=
                                                  • API String ID: 1500692541-3263226258
                                                  • Opcode ID: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
                                                  • Instruction ID: 2a3b4bfc414dc10881e7eec236f3a1e04021e9235cedc72d475739dca07e05aa
                                                  • Opcode Fuzzy Hash: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
                                                  • Instruction Fuzzy Hash: 2C01A5725043119BC710EF18D885AEFB7E8BFC4358F04892EF588AB260D738DA09C796
                                                  APIs
                                                  • GetSystemTimeAsFileTime.KERNEL32 ref: 0041C29B
                                                  • #354.SHLWAPI(?,00000002,00000000), ref: 0041C2C8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Time$#354FileSystem
                                                  • String ID: DiskDefrag\AutoDefragmention$LastDefragmention
                                                  • API String ID: 253409978-3598614746
                                                  • Opcode ID: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                  • Instruction ID: a0b1e6286b276bc7d887fd98d5a7f5957222b11053583dbd66c01ec11ac0fb83
                                                  • Opcode Fuzzy Hash: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                  • Instruction Fuzzy Hash: E4115276508701DFD300EF54DD85B9A7BE4FB48720F404A2EF156C22E1EB74A548CB56
                                                  APIs
                                                  • _TrackMouseEvent.COMCTL32(?), ref: 004672A8
                                                  • ReleaseCapture.USER32 ref: 004672BA
                                                  • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 004672CD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CaptureEventMessageMouseReleaseSendTrack
                                                  • String ID: 8F
                                                  • API String ID: 3622949717-180763933
                                                  • Opcode ID: 0839e7c7c7d8c9402484c13060e54e3869cf2a4a1aa44a0847cf5f14f67a6ab6
                                                  • Instruction ID: 456561867f921ab06e727ae592dfca2a3a58b3b413725f8460958233fe91f338
                                                  • Opcode Fuzzy Hash: 0839e7c7c7d8c9402484c13060e54e3869cf2a4a1aa44a0847cf5f14f67a6ab6
                                                  • Instruction Fuzzy Hash: 1B012C705087019FD320DF38D849B5BBBE4BB48718F108A2EF49992290E7B49584CF96
                                                  APIs
                                                  • GetParent.USER32(?), ref: 00418A33
                                                  • GetParent.USER32(?), ref: 00418A3F
                                                  • SendMessageW.USER32(?,00002727,00000000,00000000), ref: 00418A57
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Parent$MessageSend
                                                  • String ID: 8F
                                                  • API String ID: 2251359880-180763933
                                                  • Opcode ID: 0627b2b28fd14ab22fc302f47fdf8d037d2ddcb8f263ad73e8dfdf44008453ba
                                                  • Instruction ID: e214ceb953b926337bbb5e3aa2410105eb18bd81ccfae75be166400476811563
                                                  • Opcode Fuzzy Hash: 0627b2b28fd14ab22fc302f47fdf8d037d2ddcb8f263ad73e8dfdf44008453ba
                                                  • Instruction Fuzzy Hash: DEF03AB9504210AFC300EB64DD89E5BBBA8FF98710F04CA5EF58C9B241D674E845CFA2
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(?,00415169), ref: 004150B0
                                                  • LoadLibraryW.KERNEL32(?), ref: 004150C1
                                                  • GetProcAddress.KERNEL32(00000000,ImageList_Draw), ref: 004150DB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                  • String ID: ImageList_Draw
                                                  • API String ID: 310444273-2074868843
                                                  • Opcode ID: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                  • Instruction ID: 64c332f81b35f2aaac3873e7666c404af8577304093a8f0924de00557a4645c6
                                                  • Opcode Fuzzy Hash: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                  • Instruction Fuzzy Hash: 62F0D474601B01CFD7608FA9D988A43BBE4BB58715B50C82EE59AC3A00D778F480CF04
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(?,00415319,?,?,BB40E64E,?,?,00000000,BB40E64E,?,BB40E64E,?,00000000,00000000), ref: 00415253
                                                  • LoadLibraryW.KERNEL32(?), ref: 00415264
                                                  • GetProcAddress.KERNEL32(00000000,ImageList_GetImageInfo), ref: 0041527E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                  • String ID: ImageList_GetImageInfo
                                                  • API String ID: 310444273-158344479
                                                  • Opcode ID: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                  • Instruction ID: f55cdba9153e0e1c980a4fac1fe1aa85c7dcce68075fab81bff91a96374b76ea
                                                  • Opcode Fuzzy Hash: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                  • Instruction Fuzzy Hash: 9EF0B275A00B41DFDB208FB8D848B82B7E4AB58715F00C82EA5AEC3611D738E480CF14
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(?,00415489,?,?,BB40E64E,?,?,00000000,004070E8,?,BB40E64E,?,00000000,00000000), ref: 004153D0
                                                  • LoadLibraryW.KERNEL32(?), ref: 004153E1
                                                  • GetProcAddress.KERNEL32(00000000,ImageList_GetImageCount), ref: 004153FB
                                                  Strings
                                                  • ImageList_GetImageCount, xrefs: 004153F5
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                  • String ID: ImageList_GetImageCount
                                                  • API String ID: 310444273-4246500564
                                                  • Opcode ID: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                  • Instruction ID: 982047e8d717f41167e3cd9be7dffe01ffe3abe97b222393831f80d9b05f459f
                                                  • Opcode Fuzzy Hash: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                  • Instruction Fuzzy Hash: 08F07475601B45CFD7208F68D948A87B7E4FB58715B40892EE5AEC3A51D778E880CB08
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AdjustPointer
                                                  • String ID:
                                                  • API String ID: 1740715915-0
                                                  • Opcode ID: c8b77496f7086eaaae0d1c9487f784bb00d186b2c715a380ccabdd8648ac75ee
                                                  • Instruction ID: e14ab50769611a00ab1b7f1466e1694e93afd342973fee74288c6938ea870f0b
                                                  • Opcode Fuzzy Hash: c8b77496f7086eaaae0d1c9487f784bb00d186b2c715a380ccabdd8648ac75ee
                                                  • Instruction Fuzzy Hash: 7F51E37160124EAFDB289F10E946B7A7FA5FF94310F14452DEA06872B1E739EC41CB90
                                                  APIs
                                                  • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C87E
                                                  • GetClientRect.USER32(?,?), ref: 0042C88F
                                                  • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C8C7
                                                  • GetClientRect.USER32(?,?), ref: 0042C8D2
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ClientMessageRectSend
                                                  • String ID:
                                                  • API String ID: 166717107-0
                                                  • Opcode ID: b63bd0a3e2817953073069a49dd37508e5c619b6a8f1caab7bdc8737ebf16daf
                                                  • Instruction ID: 1ae2c4f83a303b8bce0181d8b555b548ed397ea70dfa58a9d15d9eacc3878f9d
                                                  • Opcode Fuzzy Hash: b63bd0a3e2817953073069a49dd37508e5c619b6a8f1caab7bdc8737ebf16daf
                                                  • Instruction Fuzzy Hash: FC511AB1204301AFD714DE28CD85FABB7EAFBC4704F008A1DF99953694DBB0AD49CA65
                                                  APIs
                                                  • IsWindow.USER32(?), ref: 0041056D
                                                  • GetWindowRect.USER32(?,?), ref: 0041058D
                                                    • Part of subcall function 0041AA90: GetDC.USER32(?), ref: 0041AADC
                                                    • Part of subcall function 0041AA90: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                    • Part of subcall function 0041AA90: GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                    • Part of subcall function 0041AA90: ReleaseDC.USER32(?,?), ref: 0041AB37
                                                  • GetWindowRect.USER32(?,00000000), ref: 004105E2
                                                  • GetWindowRect.USER32(?,?), ref: 0041063B
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Window$Rect$ExtentMessagePoint32ReleaseSendText
                                                  • String ID:
                                                  • API String ID: 2970461787-0
                                                  • Opcode ID: 57304bb34f2a7c9d27d57c86e6bfdf64e083342261e5794d1aa935df15270c11
                                                  • Instruction ID: ce4c3b2ba86c6f6c119685c1f909f4ca062621dcfedb5de8325838dac45ff1a4
                                                  • Opcode Fuzzy Hash: 57304bb34f2a7c9d27d57c86e6bfdf64e083342261e5794d1aa935df15270c11
                                                  • Instruction Fuzzy Hash: E2314071244305AFD204DF61CCC5FABB3E9EBC8748F048A0CF58957290D674EA468B65
                                                  APIs
                                                    • Part of subcall function 00419AE0: GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                    • Part of subcall function 00419AE0: GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                  • Sleep.KERNEL32(0000000A), ref: 004248FF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleModuleProcSleep
                                                  • String ID: CPUUsageExceed$DiskDefrag\AutoDefragmention$d
                                                  • API String ID: 451317006-1228882529
                                                  • Opcode ID: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                  • Instruction ID: 2aae77fe05b5572fc9a22550ba8b2e73634bf3b6c40b7b563c05c91186231963
                                                  • Opcode Fuzzy Hash: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                  • Instruction Fuzzy Hash: 6021D439B102224BD724DE68DD84BE73351DFC4325F5A4279ED098F382DB66EC468299
                                                  APIs
                                                  • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,00000800,?,00000000), ref: 00463572
                                                  • GetLastError.KERNEL32 ref: 00463581
                                                  • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,?,?,00000000), ref: 004635C1
                                                  • GetLastError.KERNEL32 ref: 004635C7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: ControlDeviceErrorLast
                                                  • String ID:
                                                  • API String ID: 2645620995-0
                                                  • Opcode ID: 280114bd6b1db9933460ef4d3ecd134f68ed06276e5ba2ce953f9defbee2e827
                                                  • Instruction ID: 72788d8031d8da8ebdf27af98cafe7d3eb32084a5d4fa9d01f0a72895e77951c
                                                  • Opcode Fuzzy Hash: 280114bd6b1db9933460ef4d3ecd134f68ed06276e5ba2ce953f9defbee2e827
                                                  • Instruction Fuzzy Hash: 8711C4716003412BE3109B169C46BAB769CEBD1710F44483EF548E6151EAA8EA098BEF
                                                  APIs
                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 005FDEAD
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005FDEC6
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1941080400.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_5d0000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Value___vcrt_
                                                  • String ID:
                                                  • API String ID: 1426506684-0
                                                  • Opcode ID: cacb738ff10da734c2dabfa70aa21b5d5414f77dcc8c09b1a5916038ff157a40
                                                  • Instruction ID: e21fa0e1e042aed262a66f695c45ff621a2c4ef1e34b50a65806cee853b7661a
                                                  • Opcode Fuzzy Hash: cacb738ff10da734c2dabfa70aa21b5d5414f77dcc8c09b1a5916038ff157a40
                                                  • Instruction Fuzzy Hash: 7801F5322483166EB71426B57C8A9763FBBFB52771B20022AF715451F1EE294C01E261
                                                  APIs
                                                  • LoadCursorW.USER32(00000000,?), ref: 0046D047
                                                  • LoadCursorW.USER32(00000000,00007F84), ref: 0046D059
                                                  • SetCursor.USER32(?,?,?,?,0046CB00,?,00000000,?,?), ref: 0046D06F
                                                  • DestroyCursor.USER32(00000000), ref: 0046D07A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: Cursor$Load$Destroy
                                                  • String ID:
                                                  • API String ID: 2883253431-0
                                                  • Opcode ID: b526f51bf045ccedc4edf904a989a3b1655f38ad34df7115bdfe87dc4000c200
                                                  • Instruction ID: d6e58a44651a1d3402cb24b8e4ad2f5d6b0251b9aafb2ead04931a23fc49c706
                                                  • Opcode Fuzzy Hash: b526f51bf045ccedc4edf904a989a3b1655f38ad34df7115bdfe87dc4000c200
                                                  • Instruction Fuzzy Hash: 3E016771F142189FD730AF6AEC8096B37DCE756318F15083BE108D3211DA79A442877D
                                                  APIs
                                                  • SendMessageW.USER32(00000000,00000401,00000000,00000000), ref: 004676B7
                                                  • SendMessageW.USER32(00000000,00000403,00000003,000001F4), ref: 004676CC
                                                  • SendMessageW.USER32(00000000,00000403,00000002,00001770), ref: 004676E1
                                                  • SendMessageW.USER32(00000000,00000418,00000000,00000190), ref: 004676F6
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  • Opcode ID: 3e2714244d5c6f65102f12cb8e05017cbdfaef3b4b34307461ffb964c10c16d6
                                                  • Instruction ID: 05ecc198b00069830d56908e8e3e5e7e1269b8f0e776762def572f81c0fca120
                                                  • Opcode Fuzzy Hash: 3e2714244d5c6f65102f12cb8e05017cbdfaef3b4b34307461ffb964c10c16d6
                                                  • Instruction Fuzzy Hash: 0EF01D717C0B027AE2309A68DC82FA7A2A86B94B02F15582DF359FB1D196B875018E58
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.1961964387.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962068637.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962095224.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000548000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.0000000000556000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000055F000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1962118075.000000000056B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_tO8laPAv1k.jbxd
                                                  Similarity
                                                  • API ID: __aulldiv
                                                  • String ID: `=
                                                  • API String ID: 3732870572-2762138152
                                                  • Opcode ID: 59de480195b1ca1b7c85286dea745b7e675da52321248cfd22c7f778a576f342
                                                  • Instruction ID: d8bfd7cdfac141d9cfdb0ffece5a98f1ca78eb3dd6e2b02cd9253dc2d6ef05f2
                                                  • Opcode Fuzzy Hash: 59de480195b1ca1b7c85286dea745b7e675da52321248cfd22c7f778a576f342
                                                  • Instruction Fuzzy Hash: 6ED137756083409FC314DF69C98092BFBE4BFC8314F05896EF99997311E739E8058BA6
                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3BE
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3D1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: `=
                                                  • API String ID: 885266447-2762138152
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: __aulldiv
                                                  • String ID: `=
                                                  • API String ID: 3732870572-2762138152
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                  • SHQueryRecycleBinW.SHELL32(?,?), ref: 0042B1A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CriticalEnterQueryRecycleSection
                                                  • String ID: C:\$`=
                                                  • API String ID: 1132591718-3292444104
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000000), ref: 00456370
                                                  • GetCurrentProcess.KERNEL32(00000000,?), ref: 004563C5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CurrentProcess
                                                  • String ID: P
                                                  • API String ID: 2050909247-3110715001
                                                  APIs
                                                    • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                    • Part of subcall function 004197C0: CoInitialize.OLE32(00000000,BB40E64E,00094658,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004197EE
                                                    • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                    • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                  • GetLogicalDrives.KERNEL32 ref: 00427273
                                                  • GetDriveTypeW.KERNEL32(?), ref: 004272D7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CreateCriticalDriveDrivesEnterInitializeInstanceLogicalSectionTypeUninitialize
                                                  • String ID: C:\
                                                  • API String ID: 2354564324-3404278061
                                                  APIs
                                                    • Part of subcall function 0041D750: #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Exclude,?,?,?,?,00427EC2,BB40E64E), ref: 0041D7DA
                                                    • Part of subcall function 0041D750: #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D807
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042F1C6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F$`=
                                                  • API String ID: 3850602802-2789391384
                                                  APIs
                                                  • SendMessageW.USER32(?,00001308,?,00000000), ref: 0042D31C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F$`=
                                                  • API String ID: 3850602802-2789391384
                                                  APIs
                                                  • DeviceIoControl.KERNEL32(?,00090068,?,00000008,?,?,00000000,00000000), ref: 004639CC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: ControlDevice
                                                  • String ID: JD$`=
                                                  • API String ID: 2352790924-2424167441
                                                  APIs
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00432A59
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F$tFH
                                                  • API String ID: 3850602802-1887266447
                                                  APIs
                                                  • SendMessageW.USER32(?,00001015,?,?), ref: 004230DC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F$`=
                                                  • API String ID: 3850602802-2789391384
                                                  APIs
                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004029C9
                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402A11
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F
                                                  • API String ID: 3850602802-180763933
                                                  APIs
                                                  • SendMessageW.USER32(?,00001001,00000000,?), ref: 00410404
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F$Button_Check
                                                  • API String ID: 3850602802-1310182199
                                                  • Opcode ID: a42f14eec4e704c4dcdb54057e86be65e34abce19af7510991bb57dc56cb9c1c
                                                  • Instruction ID: 09b5b65d6a19d25cf5f991273958dae6b0a4a0afcd6ef2ce1ca3dc747381d305
                                                  • Opcode Fuzzy Hash: a42f14eec4e704c4dcdb54057e86be65e34abce19af7510991bb57dc56cb9c1c
                                                  • Instruction Fuzzy Hash: D3114F75200248AFCB30EF2ADC85AC933A4AB54314F11443FAD0DAB392DE79A9458B58
                                                  APIs
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042F1C6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F$`=
                                                  • API String ID: 3850602802-2789391384
                                                  • Opcode ID: 79a77201152678a81144e55eba1330838be5272e1844f0c3915291d1357643a1
                                                  • Instruction ID: e2c7429d35eb79f017d7d9d53c2d9adddc48fbc63db9da39a1e6c1575c1991e3
                                                  • Opcode Fuzzy Hash: 79a77201152678a81144e55eba1330838be5272e1844f0c3915291d1357643a1
                                                  • Instruction Fuzzy Hash: 8C01C835740321DBD7209F60DD81B2E77B07F48700FD1087AE905A7290D7B4BC448AAD
                                                  APIs
                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D4B8
                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D4DD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: 8F
                                                  • API String ID: 3850602802-180763933
                                                  • Opcode ID: 29b101547385324777d1e1e58dcd704a1adca7d24db5bd4c7a528e124d161c24
                                                  • Instruction ID: ee58587f9df8cc875d776869306883827de9a08da503ac3836b7653e0a5f6a06
                                                  • Opcode Fuzzy Hash: 29b101547385324777d1e1e58dcd704a1adca7d24db5bd4c7a528e124d161c24
                                                  • Instruction Fuzzy Hash: 3DF08972B4032036F53067B56D47F6B729C8B44B55F50056AF709DA1C1D9B4A80182AD
                                                  APIs
                                                  • DeviceIoControl.KERNEL32(?,00090064,00000000,00000000,?), ref: 00460093
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004600C0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: ControlDeviceUnothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: JD
                                                  • API String ID: 9847766-1871045537
                                                  • Opcode ID: 41a6657a76e6a11c21828465e7547c488e33e83233d3adc9080a9250c0d0e56d
                                                  • Instruction ID: b288529985f008a1a54ef72dbef53761962e394cc992aae83e13a0fae47ca317
                                                  • Opcode Fuzzy Hash: 41a6657a76e6a11c21828465e7547c488e33e83233d3adc9080a9250c0d0e56d
                                                  • Instruction Fuzzy Hash: 40F09CB5254B01AFD324CF55D841F53B7F9AB88B04F104A1DB68A87680D775F814CB55
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: ControlDeviceErrorLast
                                                  • String ID: JD
                                                  • API String ID: 2645620995-1871045537
                                                  • Opcode ID: d7c8a22b5a3b95ab0395684fe2e0b7986e5b4f0bb175450be3ec9314f8fc8b30
                                                  • Instruction ID: ad4678ad3c97b32a671b7944ff25921815bdba954f40981503357140da3e9122
                                                  • Opcode Fuzzy Hash: d7c8a22b5a3b95ab0395684fe2e0b7986e5b4f0bb175450be3ec9314f8fc8b30
                                                  • Instruction Fuzzy Hash: C501F2B1649300AFD348CF55D891B0BBBE0AFC8700F40992EF68986290E374D949CF86
                                                  APIs
                                                  • RegOpenKeyW.ADVAPI32(?,SYSTEM\CurrentControlSet\services\BootDefrag), ref: 0041A7F7
                                                  • RegCloseKey.ADVAPI32 ref: 0041A811
                                                    • Part of subcall function 0041A820: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                    • Part of subcall function 0041A820: PathFileExistsW.SHLWAPI(?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                    • Part of subcall function 0041A820: #165.SHELL32(00000000,?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                  Strings
                                                  • SYSTEM\CurrentControlSet\services\BootDefrag, xrefs: 0041A7E5
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Path$#165CloseExistsFileFolderOpenSpecial
                                                  • String ID: SYSTEM\CurrentControlSet\services\BootDefrag
                                                  • API String ID: 1591709053-3464295076
                                                  • Opcode ID: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                  • Instruction ID: 6a09b35f9698f17151a02b8af7ff6770b374517e2ed940df591338b91f7cf978
                                                  • Opcode Fuzzy Hash: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                  • Instruction Fuzzy Hash: 02D012B0215200DAE314BBB1DC45B9E33A4EB40315F10492EB45AC1580CB7894998B6A
                                                  APIs
                                                  • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CompatibleCreateExchangeInterlocked
                                                  • String ID: }I
                                                  • API String ID: 1770991917-1906338323
                                                  • Opcode ID: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                  • Instruction ID: a163272bfcbb607c39215aeccd5f887c100e22747e7019c329861ded96e1c357
                                                  • Opcode Fuzzy Hash: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                  • Instruction Fuzzy Hash: 64D05E2390012056CA10521ABC48FE6672CAF91360F46427EF80DF71609329A8424AAC
                                                  APIs
                                                  • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 004012B2
                                                  • DeleteDC.GDI32(00000000), ref: 004012C4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: DeleteExchangeInterlocked
                                                  • String ID: }I
                                                  • API String ID: 1722977832-1906338323
                                                  • Opcode ID: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                  • Instruction ID: 0f44d1f4ef78c4913e9163893a1f1e1819881c729740a469ce0397d160b8c871
                                                  • Opcode Fuzzy Hash: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                  • Instruction Fuzzy Hash: D1D05E678000205A9A04521ABC48CE7662CDE9536034A427EFC0DF3160D7299C428AAC
                                                  APIs
                                                  • CreateMutexW.KERNEL32(00000000,00000000,{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}), ref: 0041A782
                                                  • GetLastError.KERNEL32 ref: 0041A793
                                                  Strings
                                                  • {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}, xrefs: 0041A779
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CreateErrorLastMutex
                                                  • String ID: {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}
                                                  • API String ID: 1925916568-1835452401
                                                  • Opcode ID: 808971c6715f0aa7f10f9f42aa529678d4de9f456662d07aefcc006699d7f1bb
                                                  • Instruction ID: f658fb253292798967ff69ee4118aed0b3c4d26085bed42abcbed525fae359d1
                                                  • Opcode Fuzzy Hash: 808971c6715f0aa7f10f9f42aa529678d4de9f456662d07aefcc006699d7f1bb
                                                  • Instruction Fuzzy Hash: 80D05E383003019BEB609B30CC9979A35A0AB40742FE0887EF01FE46C0DA6CD5C48E09
                                                  APIs
                                                  • CreateMutexW.KERNEL32(00000000,00000000,{4391F12D-936B-4037-9383-DCB800DF7B65}), ref: 0041A742
                                                  • GetLastError.KERNEL32 ref: 0041A753
                                                  Strings
                                                  • {4391F12D-936B-4037-9383-DCB800DF7B65}, xrefs: 0041A739
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1962004214.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CreateErrorLastMutex
                                                  • String ID: {4391F12D-936B-4037-9383-DCB800DF7B65}
                                                  • API String ID: 1925916568-3123431990
                                                  • Opcode ID: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                  • Instruction ID: ec8680d88669c7631082afe2fce56944a0d96bb555ced3f370f40cb7f6e8cb2a
                                                  • Opcode Fuzzy Hash: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                  • Instruction Fuzzy Hash: 32D05E343003019BEB646B30CC9539A35A0AB40742FE0887EF01FE46D0EA6CD5D49A09