Windows Analysis Report
RXnQXC1eJa.exe

Overview

General Information

Sample name: RXnQXC1eJa.exe
renamed because original name is a hash value
Original sample name: 27af91002593bb898ccc0eb2a065ee0897c3cc05751c66d10e434a45bc8af7b2.exe
Analysis ID: 1576979
MD5: a98236d225058c446810c392ecfecc6d
SHA1: 7f6654060fa0e98e8d5c8de6a1927cf49ffa0f3d
SHA256: 27af91002593bb898ccc0eb2a065ee0897c3cc05751c66d10e434a45bc8af7b2
Tags:104-161-43-18Compilazioneprotetticopyrightexeuser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files to the document folder of the user
Drops large PE files
Injects a PE file into a foreign processes
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • RXnQXC1eJa.exe (PID: 7336 cmdline: "C:\Users\user\Desktop\RXnQXC1eJa.exe" MD5: A98236D225058C446810C392ECFECC6D)
    • RXnQXC1eJa.exe (PID: 7572 cmdline: "C:\Users\user\Desktop\RXnQXC1eJa.exe" MD5: A98236D225058C446810C392ECFECC6D)
      • svchost.exe (PID: 7600 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • fontdrvhost.exe (PID: 7732 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
          • WerFault.exe (PID: 7976 cmdline: C:\Windows\system32\WerFault.exe -u -p 7732 -s 136 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 7672 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 420 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
{"C2 url": "https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8"}
Source | Rule | Description | Author | Strings
00000004.00000003.2344675661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000003.00000003.2340110839.00000000007A0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000004.00000003.2355529979.0000000005360000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000003.00000003.2343113066.0000000002F80000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000004.00000002.2444562908.0000000003400000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |

Source | Rule | Description | Author | Strings
4.3.svchost.exe.5360000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
4.3.svchost.exe.5580000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
3.3.RXnQXC1eJa.exe.2f80000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
3.3.RXnQXC1eJa.exe.2f80000.7.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
3.3.RXnQXC1eJa.exe.2d60000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

                      System Summary

                      Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\RXnQXC1eJa.exe, ProcessId: 7336, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PerfectouinVans
                      Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\RXnQXC1eJa.exe", ParentImage: C:\Users\user\Desktop\RXnQXC1eJa.exe, ParentProcessId: 7572, ParentProcessName: RXnQXC1eJa.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 7600, ProcessName: svchost.exe
                      Source: Process started; Author: vburov; Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\RXnQXC1eJa.exe", ParentImage: C:\Users\user\Desktop\RXnQXC1eJa.exe, ParentProcessId: 7572, ParentProcessName: RXnQXC1eJa.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 7600, ProcessName: svchost.exe

                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2024-12-17T20:18:37.800781+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 104.161.43.18 | 2845 | 192.168.2.6 | 49745 | TCP

                      AV Detection

                      Source: 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp; Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8"}
                      Source: RXnQXC1eJa.exe; ReversingLabs: Detection: 63%
                      Source: Submited Sample; Integrated Neural Analysis Model: Matched 100.0% probability

                      Compliance

                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe; Unpacked PE file: 0.2.RXnQXC1eJa.exe.2280000.2.unpack
                      Source: RXnQXC1eJa.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: RXnQXC1eJa.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: Binary string: wkernel32.pdb source: RXnQXC1eJa.exe, 00000003.00000003.2342357713.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2342467394.0000000002E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355131443.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355241836.0000000005480000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: RXnQXC1eJa.exe, 00000003.00000003.2343113066.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2342915467.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355529979.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355830400.0000000005580000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: RXnQXC1eJa.exe, 00000003.00000003.2341545614.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2341317849.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2353695261.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354107714.0000000005550000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: RXnQXC1eJa.exe, 00000003.00000003.2342063397.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2341816651.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354896367.0000000005500000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354495042.0000000005360000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb`Il source: RXnQXC1eJa.exe, PerfectouinVans.exe.0.dr
                      Source: Binary string: ntdll.pdbUGP source: RXnQXC1eJa.exe, 00000003.00000003.2341545614.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2341317849.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2353695261.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354107714.0000000005550000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: RXnQXC1eJa.exe, 00000003.00000003.2342063397.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2341816651.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354896367.0000000005500000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354495042.0000000005360000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: RXnQXC1eJa.exe, 00000003.00000003.2342357713.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2342467394.0000000002E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355131443.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355241836.0000000005480000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: RXnQXC1eJa.exe, 00000003.00000003.2343113066.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2342915467.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355529979.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355830400.0000000005580000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb source: RXnQXC1eJa.exe, PerfectouinVans.exe.0.dr
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,0_2_00411150
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,0_2_004631F0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,0_2_0045A7D0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00462F00 FindFirstFileW,FindClose,0_2_00462F00
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,3_2_00411150
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,3_2_0045A7D0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp8_2_000001E47FC20511

                      Networking

                      Source: Network traffic; Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.161.43.18:2845 -> 192.168.2.6:49745
                      Source: C:\Windows\SysWOW64\svchost.exe; Network Connect: 104.161.43.18 2845
                      Source: Malware configuration extractor; URLs: https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8
                      Source: global traffic; TCP traffic: 192.168.2.6:49745 -> 104.161.43.18:2845
                      Source: Joe Sandbox View; IP Address: 104.161.43.18
                      Source: Joe Sandbox View; ASN Name: IOFLOODUS
                      Source: unknown; TCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: Amcache.hve.13.drString found in binary or memory: http://upx.sf.net
                      Source: RXnQXC1eJa.exe, PerfectouinVans.exe.0.drString found in binary or memory: http://www.glarysoft.com/goto.php?a=upgradetopro&s=DiskDefrag340100134010023401003340100434010053401
                      Source: svchost.exe, 00000004.00000002.2443864820.0000000002BBC000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2444311374.000000000330C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000008.00000002.2552341386.000001E47FC20000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8
                      Source: svchost.exe, 00000004.00000002.2444311374.000000000330C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.2552341386.000001E47FC20000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8kernelbasentdllkernel32GetProcessMitigatio
                      Source: svchost.exe, 00000004.00000002.2443864820.0000000002BBC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8x
                      Source: svchost.exe, 00000004.00000003.2374247568.00000000033A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: svchost.exe, 00000004.00000003.2374247568.00000000033A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2343113066.0000000002F80000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_6786419c-b
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2343113066.0000000002F80000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_ad3677c2-6
                      Source: Yara matchFile source: 4.3.svchost.exe.5360000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.svchost.exe.5580000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.RXnQXC1eJa.exe.2f80000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.RXnQXC1eJa.exe.2f80000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.RXnQXC1eJa.exe.2d60000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000003.2355529979.0000000005360000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.2343113066.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.2342915467.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2355830400.0000000005580000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RXnQXC1eJa.exe PID: 7572, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 7600, type: MEMORYSTR

                      System Summary

                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe; File dump: PerfectouinVans.exe.0.dr 979567347
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00447F17 NtQueryDefaultLocale,0_2_00447F17
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00447EC9 NtQueryDefaultLocale,0_2_00447EC9
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00447EA0 NtQueryDefaultLocale,0_2_00447EA0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000001E47FC21AA4 NtAcceptConnectPort,NtAcceptConnectPort,8_2_000001E47FC21AA4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000001E47FC21CF4 NtAcceptConnectPort,CloseHandle,8_2_000001E47FC21CF4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000001E47FC215C0 NtAcceptConnectPort,8_2_000001E47FC215C0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000001E47FC20AC8 NtAcceptConnectPort,NtAcceptConnectPort,8_2_000001E47FC20AC8
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00460070: DeviceIoControl,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_00460070
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_0041E0F0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: String function: 00474096 appears 238 times
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: String function: 005FCD90 appears 33 times
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: String function: 0040AC20 appears 40 times
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: String function: 0040AB60 appears 34 times
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 420
                      Source: RXnQXC1eJa.exeBinary or memory string: OriginalFilename vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDiskDefrag.exe@ vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000000.00000000.2154275410.0000000000499000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDiskDefrag.exe@ vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000000.00000002.2391764683.00000000022C9000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000000.00000002.2391986703.00000000023E0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDiskDefrag.exe@ vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2343113066.0000000003161000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2342357713.0000000002D60000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2342063397.000000000302D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2342467394.0000000002E80000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2340341450.0000000000619000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDiskDefrag.exe@ vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2342357713.0000000002DF2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2341545614.00000000030D6000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2342467394.0000000002ED0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2342915467.0000000002D60000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2341816651.0000000002E83000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2344465848.0000000000619000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exe, 00000003.00000003.2341317849.0000000002ED8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exeBinary or memory string: OriginalFilenameDiskDefrag.exe@ vs RXnQXC1eJa.exe
                      Source: RXnQXC1eJa.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@0/1
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_0041E0F0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00419CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,0_2_00419CF0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00419D90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,CloseHandle,0_2_00419D90
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_2_00419CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,3_2_00419CF0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00463750 GetDiskFreeSpaceW,0_2_00463750
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_004197C0 LoadBitmapW,CoInitialize,CoCreateInstance,CoUninitialize,CoSetProxyBlanket,CoUninitialize,CoUninitialize,VariantInit,VariantClear,VariantClear,VariantClear,CoUninitialize,0_2_004197C0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_0041B4B0 OpenSCManagerW,OpenServiceW,CloseServiceHandle,QueryServiceStatus,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceW,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,0_2_0041B4B0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe File created: C:\Users\user\Documents\Perfectouin
                      Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-d4daedc7-d45f-905ab4-2729bc7b69fc}
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7732
                      Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\7b19e63d-32ec-458d-b4d6-b91aedbe5a59
                      Source: RXnQXC1eJa.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: RXnQXC1eJa.exeReversingLabs: Detection: 63%
                      Source: RXnQXC1eJa.exeString found in binary or memory: -InstallNative
                      Source: RXnQXC1eJa.exeString found in binary or memory: H{4391F12D-936B-4037-9383-DCB800DF7B65}chs-NewInstallNative-UninstallNative-InstallNativeSeBackupPrivilegeSeRestorePrivilegeText_ColorSelect_ColorFoucs_ColorFrame_Color-BootTimeDefrag{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}SYSTEM\CurrentControlSet\services\BootDefrag\DiskDefrag%SystemRoot%chbStartAutomaticallyOnLogonDiskDefrag\Setting Option\GereralDisk Speedup\DiskDefrag.exeDisk Speedup Initialization-autorunMinimizeToTrayShowBalloonchbMultithreadingchbStopVssDefragNTFSVSSColorIndexDiskDefrag\Setting Option\Gereral\DefragColorchbFrageMentsSmallerDiskDefrag\Setting Option\DefragcbbFrageMentsSmallerchbFileFragementAmountcbbFileFragementAmountchbFileLargercbbFileLargerchbFileSmallercbbFileSmallerCleanupTipCleanupTypeCheckDefragCPUIdleDiskDefrag\AutoDefragmentionCPUIdleTimeCheckPauseCPUUsageCPUUsageExceedAutoDefragDrivers1DefragmentedFilesLastDefragmentionCheckRunScheduleDiskDefrag\RunSheduleSheduleActionFrequencyWeekDayDayHourSheuldeDrivers\%d3400002ScheduleStartchbMoveLargeFilesDiskDefrag\Setting Option\OptimizechbMimiFileSizecbbFileSizechbNotAccesInLastchbFileInRecylechbFileInSelectedDiskDefrag\Setting Option\Optimize\OptimizeList3403001*.zip, *.rar3403002*.avi,*.mpg,*.mpeg,*.mov,*.mkv,*.mp3,*.mp4,*.wmv3403003*.iso,*.binDiskDefrag\Setting Option\ExcludeDefragFinishRingtone3402075DiskDefrag\SSDchbStopDefragInBatterySeShutdownPrivilegePowrProf.dllSetSuspendStatempegvideo%s/n
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe File read: C:\Users\user\Desktop\RXnQXC1eJa.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\RXnQXC1eJa.exe "C:\Users\user\Desktop\RXnQXC1eJa.exe"
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeProcess created: C:\Users\user\Desktop\RXnQXC1eJa.exe "C:\Users\user\Desktop\RXnQXC1eJa.exe"
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 420
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7732 -s 136
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Section loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Section loaded: msimg32.dll
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Section loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Section loaded: winmm.dll
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Section loaded: k7rn7l32.dll
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Section loaded: ntd3ll.dll
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Section loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: amsi.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: profapi.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: version.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: uxtheme.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: powrprof.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: umpdc.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mswsock.dll
                      Source: C:\Windows\SysWOW64\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: RXnQXC1eJa.exeStatic file information: File size 1852928 > 1048576
                      Source: RXnQXC1eJa.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x12e200
                      Source: RXnQXC1eJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: RXnQXC1eJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: RXnQXC1eJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: RXnQXC1eJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: RXnQXC1eJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: RXnQXC1eJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: RXnQXC1eJa.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: Binary string: wkernel32.pdb source: RXnQXC1eJa.exe, 00000003.00000003.2342357713.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2342467394.0000000002E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355131443.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355241836.0000000005480000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: RXnQXC1eJa.exe, 00000003.00000003.2343113066.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2342915467.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355529979.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355830400.0000000005580000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: RXnQXC1eJa.exe, 00000003.00000003.2341545614.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2341317849.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2353695261.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354107714.0000000005550000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: RXnQXC1eJa.exe, 00000003.00000003.2342063397.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2341816651.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354896367.0000000005500000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354495042.0000000005360000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb`Il source: RXnQXC1eJa.exe, PerfectouinVans.exe.0.dr
                      Source: Binary string: ntdll.pdbUGP source: RXnQXC1eJa.exe, 00000003.00000003.2341545614.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2341317849.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2353695261.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354107714.0000000005550000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: RXnQXC1eJa.exe, 00000003.00000003.2342063397.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2341816651.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354896367.0000000005500000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2354495042.0000000005360000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: RXnQXC1eJa.exe, 00000003.00000003.2342357713.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2342467394.0000000002E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355131443.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355241836.0000000005480000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: RXnQXC1eJa.exe, 00000003.00000003.2343113066.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2342915467.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355529979.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2355830400.0000000005580000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb source: RXnQXC1eJa.exe, PerfectouinVans.exe.0.dr

                      Data Obfuscation

                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeUnpacked PE file: 0.2.RXnQXC1eJa.exe.2280000.2.unpack
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_004150A0 GetModuleHandleW,LoadLibraryW,GetProcAddress,0_2_004150A0
                      Source: RXnQXC1eJa.exeStatic PE information: real checksum: 0xf661c should be: 0x1ceec7
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_0050E58E push ecx; ret 0_2_0050E5A1
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00473991 push ecx; ret 0_2_004739A4
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_0060B86D push ebx; ret 3_3_0060B864
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_0060A840 push ebp; retf 3_3_0060A841
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_0060E83C pushad ; ret 3_3_0060E841
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_0060E80E push eax; iretd 3_3_0060E81D
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_0060A0F9 push FFFFFF82h; iretd 3_3_0060A0FB
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_0060D8A0 push 0000002Eh; iretd 3_3_0060D8A2
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_00608904 push ecx; ret 3_3_00608917
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_0060B1DD push eax; ret 3_3_0060B1DF
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_0060E586 pushad ; retf 3_3_0060E599
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_00609F6A push eax; ret 3_3_00609F75
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_0060B70B push ebx; ret 3_3_0060B864
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_2_00473991 push ecx; ret 3_2_004739A4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF58BC pushad ; ret 4_3_02BF58C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF588E push eax; iretd 4_3_02BF589D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF28ED push ebx; ret 4_3_02BF28E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF18C0 push ebp; retf 4_3_02BF18C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF6012 push 00000038h; iretd 4_3_02BF601D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF5606 pushad ; retf 4_3_02BF5619
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF225D push eax; ret 4_3_02BF225F
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF278B push ebx; ret 4_3_02BF28E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF5FEE push FFFFFFD2h; retf 4_3_02BF6011
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF0FEA push eax; ret 4_3_02BF0FF5
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF4920 push 0000002Eh; iretd 4_3_02BF4922
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF5F0C push es; iretd 4_3_02BF5F0D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF1179 push FFFFFF82h; iretd 4_3_02BF117B

                      Persistence and Installation Behavior

                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe File created: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,0_2_00411150
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_004112B7 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,0_2_004112B7
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_004112B9 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,0_2_004112B9
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,3_2_00411150
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_0041B4B0 OpenSCManagerW,OpenServiceW,CloseServiceHandle,QueryServiceStatus,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceW,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,0_2_0041B4B0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PerfectouinVans
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_0041F8D0 IsIconic,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,0_2_0041F8D0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00420B40 IsIconic,0_2_00420B40
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeAPI/Special instruction interceptor: Address: 7FFDB442D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 582B83A
                      Source: RXnQXC1eJa.exe, 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, RXnQXC1eJa.exe, 00000000.00000002.2391764683.00000000022C9000.00000040.00001000.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2340341450.0000000000619000.00000040.00000400.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2344465848.0000000000619000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: RXnQXC1eJa.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: RXnQXC1eJa.exe, 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, RXnQXC1eJa.exe, 00000000.00000002.2391764683.00000000022C9000.00000040.00001000.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2340341450.0000000000619000.00000040.00000400.00020000.00000000.sdmp, RXnQXC1eJa.exe, 00000003.00000003.2344465848.0000000000619000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeDropped PE file which has not been started: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeAPI coverage: 0.3 %
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,0_2_00411150
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,0_2_004631F0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,0_2_0045A7D0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00462F00 FindFirstFileW,FindClose,0_2_00462F00
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,3_2_00411150
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,3_2_0045A7D0
                      Source: svchost.exe, 00000004.00000002.2444562908.0000000003400000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: fs2VmCi
                      Source: Amcache.hve.13.drBinary or memory string: VMware
                      Source: Amcache.hve.13.drBinary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.13.drBinary or memory string: vmci.syshbin
                      Source: Amcache.hve.13.drBinary or memory string: VMware, Inc.
                      Source: Amcache.hve.13.drBinary or memory string: VMware20,1hbin@
                      Source: Amcache.hve.13.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                      Source: Amcache.hve.13.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: Amcache.hve.13.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                      Source: Amcache.hve.13.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                      Source: svchost.exe, 00000004.00000002.2444166941.0000000003200000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: Amcache.hve.13.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: svchost.exe, 00000004.00000002.2444200439.0000000003212000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                      Source: Amcache.hve.13.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                      Source: Amcache.hve.13.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                      Source: Amcache.hve.13.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: Amcache.hve.13.drBinary or memory string: vmci.sys
                      Source: Amcache.hve.13.drBinary or memory string: vmci.syshbin`
                      Source: Amcache.hve.13.drBinary or memory string: \driver\vmci,\driver\pci
                      Source: Amcache.hve.13.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: svchost.exe, 00000004.00000003.2355830400.0000000005580000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: Amcache.hve.13.drBinary or memory string: VMware20,1
                      Source: Amcache.hve.13.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.13.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.13.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.13.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.13.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.13.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                      Source: Amcache.hve.13.drBinary or memory string: VMware PCI VMCI Bus Device
                      Source: Amcache.hve.13.drBinary or memory string: VMware VMCI Bus Device
                      Source: Amcache.hve.13.drBinary or memory string: VMware Virtual RAM
                      Source: svchost.exe, 00000004.00000003.2355830400.0000000005580000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: Amcache.hve.13.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: svchost.exe, 00000004.00000002.2444283927.000000000325C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWMSAFD RfComm [Bluetooth]RSVP UDP Service Provider
                      Source: Amcache.hve.13.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeProcess information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_00609098 VirtualAlloc,LdrInitializeThunk,VirtualFree,3_3_00609098
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_004734E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004734E6
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_004150A0 GetModuleHandleW,LoadLibraryW,GetProcAddress,0_2_004150A0
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_3_00609277 mov eax, dword ptr fs:[00000030h]3_3_00609277
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02BF0283 mov eax, dword ptr fs:[00000030h]4_3_02BF0283
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00474040 GetProcessHeap,HeapFree,0_2_00474040
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeProcess created: C:\Users\user\Desktop\RXnQXC1eJa.exe "C:\Users\user\Desktop\RXnQXC1eJa.exe"
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_004734E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004734E6
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 3_2_004734E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_004734E6

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.161.43.18 2845
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeMemory written: C:\Users\user\Desktop\RXnQXC1eJa.exe base: 5D0000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_00502A5F cpuid 0_2_00502A5F
                      Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\Desktop\RXnQXC1eJa.exeCode function: 0_2_0041C260 GetSystemTimeAsFileTime,SHFormatDateTimeW,0_2_0041C260
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: Amcache.hve.13.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                      Source: Amcache.hve.13.drBinary or memory string: msmpeng.exe
                      Source: Amcache.hve.13.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: Amcache.hve.13.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                      Source: Amcache.hve.13.drBinary or memory string: MsMpEng.exe

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: 00000004.00000003.2344675661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.2340110839.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2444562908.0000000003400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2357374549.0000000000A80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      Source: Yara matchFile source: 00000004.00000003.2344675661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.2340110839.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2444562908.0000000003400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2357374549.0000000000A80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                      Windows Management Instrumentation
                      1
                      DLL Side-Loading
                      1
                      DLL Side-Loading
                      1
                      Disable or Modify Tools
                      21
                      Input Capture
                      1
                      System Time Discovery
                      Remote Services1
                      Archive Collected Data
                      1
                      Encrypted Channel
                      Exfiltration Over Other Network Medium1
                      System Shutdown/Reboot
                      CredentialsDomainsDefault Accounts1
                      Native API
                      1
                      Windows Service
                      1
                      Access Token Manipulation
                      1
                      Deobfuscate/Decode Files or Information
                      LSASS Memory1
                      File and Directory Discovery
                      Remote Desktop Protocol21
                      Input Capture
                      1
                      Non-Standard Port
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts2
                      Command and Scripting Interpreter
                      1
                      Registry Run Keys / Startup Folder
                      1
                      Windows Service
                      3
                      Obfuscated Files or Information
                      Security Account Manager125
                      System Information Discovery
                      SMB/Windows Admin SharesData from Network Shared Drive1
                      Application Layer Protocol
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal Accounts2
                      Service Execution
                      Login Hook211
                      Process Injection
                      1
                      Software Packing
                      NTDS241
                      Security Software Discovery
                      Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
                      Registry Run Keys / Startup Folder
                      1
                      DLL Side-Loading
                      LSA Secrets1
                      Virtualization/Sandbox Evasion
                      SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      Masquerading
                      Cached Domain Credentials1
                      Process Discovery
                      VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      Virtualization/Sandbox Evasion
                      DCSync1
                      Application Window Discovery
                      Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                      Access Token Manipulation
                      Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt211
                      Process Injection
                      /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                      Source | Detection | Scanner | Label
                      RXnQXC1eJa.exe | 63% | ReversingLabs | Win32.Adware.RedCap
                      No Antivirus matches
                      Source | Detection | Scanner | Label
                      https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8x | 0% | Avira URL Cloud | safe
                      https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8kernelbasentdllkernel32GetProcessMitigatio | 0% | Avira URL Cloud | safe
                      https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8 | 0% | Avira URL Cloud | safe
                      No contacted domains info
                      Name | Malicious | Antivirus Detection | Reputation
                      https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8 | true | Avira URL Cloud: safe | unknown
                      Name | Source | Malicious | Antivirus Detection | Reputation
                      https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8x | svchost.exe, 00000004.00000002.2443864820.0000000002BBC000.00000004.00000010.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      https://cloudflare-dns.com/dns-query | svchost.exe, 00000004.00000003.2374247568.00000000033A0000.00000004.00000020.00020000.00000000.sdmp | false | | high
                      http://upx.sf.net | Amcache.hve.13.dr | false | | high
                      https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi | svchost.exe, 00000004.00000003.2374247568.00000000033A0000.00000004.00000020.00020000.00000000.sdmp | false | | high
                      https://104.161.43.18:2845/7e56fc199c7194d0/vhj85b49.mnrt8kernelbasentdllkernel32GetProcessMitigatio | svchost.exe, 00000004.00000002.2444311374.000000000330C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.2552341386.000001E47FC20000.00000040.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://www.glarysoft.com/goto.php?a=upgradetopro&s=DiskDefrag340100134010023401003340100434010053401 | RXnQXC1eJa.exe, PerfectouinVans.exe.0.dr | false | | high
                      IP | Domain | Country | ASN | ASN Name | Malicious
                      104.161.43.18 | unknown | United States | 53755 | IOFLOODUS | true
                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1576979
                              Start date and time:2024-12-17 20:17:16 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 8m 49s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:26
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:RXnQXC1eJa.exe
                              renamed because original name is a hash value
                              Original Sample Name:27af91002593bb898ccc0eb2a065ee0897c3cc05751c66d10e434a45bc8af7b2.exe
                              Detection:MAL
                              Classification:mal100.troj.evad.winEXE@9/6@0/1
                              EGA Information:
                              • Successful, ratio: 50%
                              HCA Information:Failed
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 20.189.173.22, 20.190.147.9, 20.223.35.26, 13.107.246.63, 172.202.163.200, 40.126.53.11, 2.16.158.96, 20.103.156.88
                              • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, tse1.mm.bing.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com
                              • Execution Graph export aborted for target RXnQXC1eJa.exe, PID 7572 because there are no executed function
                              • Execution Graph export aborted for target svchost.exe, PID 7600 because there are no executed function
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • VT rate limit hit for: RXnQXC1eJa.exe
                      Time | Type | Description
                      14:18:52 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                      20:18:36 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PerfectouinVans C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
                      20:18:45 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PerfectouinVans C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
                      Match | Associated Sample Name / URL | Detection | Threat Name
                      104.161.43.18 | 122046760.bat | malicious | RHADAMANTHYS
                      104.161.43.18 | pkqLAMAv96.lnk | malicious | RHADAMANTHYS
                      104.161.43.18 | IIC0XbKFjS.lnk | malicious | RHADAMANTHYS
                      104.161.43.18 | 873406390.bat | malicious | RHADAMANTHYS
                      104.161.43.18 | 0J3fAc6cHO.lnk | malicious | RHADAMANTHYS
                      104.161.43.18 | 1H57mPm9jr.exe | malicious | RHADAMANTHYS
                      104.161.43.18 | l92fYljXWF.lnk | malicious | RHADAMANTHYS
                      104.161.43.18 | taCCGTk8n1.lnk | malicious | RHADAMANTHYS
                                              No context
                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                      IOFLOODUS | 122046760.bat | malicious | RHADAMANTHYS | 104.161.43.18
                      IOFLOODUS | pkqLAMAv96.lnk | malicious | RHADAMANTHYS | 104.161.43.18
                      IOFLOODUS | IIC0XbKFjS.lnk | malicious | RHADAMANTHYS | 104.161.43.18
                      IOFLOODUS | 873406390.bat | malicious | RHADAMANTHYS | 104.161.43.18
                      IOFLOODUS | 0J3fAc6cHO.lnk | malicious | RHADAMANTHYS | 104.161.43.18
                      IOFLOODUS | svhost.exe | malicious | Quasar | 148.163.102.170
                      IOFLOODUS | KjECqzXLWp.lnk | malicious | RHADAMANTHYS | 162.213.210.250
                      IOFLOODUS | cey4VIyGKh.lnk | malicious | RHADAMANTHYS | 162.213.210.250
                      IOFLOODUS | msimg32.dll | malicious | RHADAMANTHYS | 162.213.210.250
                      IOFLOODUS | msimg32.dll | malicious | RHADAMANTHYS | 162.213.210.250
                                              Process:C:\Windows\System32\WerFault.exe
                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):65536
                                              Entropy (8bit):0.6603262501514464
                                              Encrypted:false
                                              SSDEEP:96:wWF1Q3eQqigKJ1s3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/dg:XvgnHn1xR0apYKjqzuiFt9Z24lO8JO
                                              MD5:BB3B6F5B698BE8B4A9D94E61355462C1
                                              SHA1:A6EEC54B3CB9466FFC8F660AC97800C5168D8767
                                              SHA-256:7FA12622BC3E44F7C916E2B424055FF8A26FE6AF9C8C4F4ACC0F170535D95718
                                              SHA-512:1E5C7DA4CF116CF24A281B40EAFC25ADF2D7D2C292AE668EF19AAD5A105601C017F8CB05C46FE0633BC51967646DCD04CDDEFF3BB5F3CCBCD9AA0A4F90626851
                                              Malicious:false
                                              Reputation:low
                                              Process:C:\Windows\System32\WerFault.exe
                                              File Type:Mini DuMP crash report, 14 streams, Tue Dec 17 19:18:45 2024, 0x1205a4 type
                                              Category:dropped
                                              Size (bytes):47438
                                              Entropy (8bit):1.2853905010625173
                                              Encrypted:false
                                              SSDEEP:96:5M8dKGTlvRdn9HyyTOd37i78hxvOwwh03s2qKhdWIxImIg2d6KC:FdVzAdrO8hxGwwh0/fh32s
                                              MD5:B06CF7107DA13D2BBB5D29D482FAEC7D
                                              SHA1:5F39C5662DE62D4AF86AFA7E3346ECD1E7D79030
                                              SHA-256:596195613FD7CAAF786B01697BA555130C79BD40CEC5508F7892F37204A06BF2
                                              SHA-512:E2D4AB52FDD6402D6F2F4DD7F14965E38C97F629D519B43C474C87378B9823688E7F18A5E4BED5751C067EBA4202C04F171A3F58550903D46EBEFF16B952E372
                                              Malicious:false
                                              Reputation:low
                                              Process:C:\Windows\System32\WerFault.exe
                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):8622
                                              Entropy (8bit):3.693538529841064
                                              Encrypted:false
                                              SSDEEP:192:R6l7wVeJbALI6YQ2+uHgmfr57vnbpDH89bje3fbBm:R6lXJs06YB+uHgmfrFvn2jufw
                                              MD5:633B411E15A8D2E86BCD35B8715FD14D
                                              SHA1:D5C35959428B0A52ED1F5E8B708E793922F04894
                                              SHA-256:D63ADD7F1A6A8D158C75AEF32425482AE7B178C9A1469190D750581417A69845
                                              SHA-512:AB32CEC5490742E0DE6ABDFC42D83709147DC360C0F6D0F6C19C09B24E81464F74A53BCAE35A0BAF9ECC096D21B13E1FE76E7B2744B6E8E7378761610014902B
                                              Malicious:false
                                              Reputation:low
                                              Process:C:\Windows\System32\WerFault.exe
                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):4853
                                              Entropy (8bit):4.446917100925482
                                              Encrypted:false
                                              SSDEEP:48:cvIwWl8zsnJg771I9hkBWpW8VYhYm8M4Jk5LvM6FVyq8vU5LvM4aMurFd:uIjfJI7ZQ7VJJcjMyWsjM41uZd
                                              MD5:03617D0F077B1246AF932A719A277CF0
                                              SHA1:397F9B1AA197C0A50FE5F2F157402B23B4F19829
                                              SHA-256:A65B844190DE347179B00E94E03B6C52B15878F1F5E02F408BC9C04D72F69FEC
                                              SHA-512:0A12A04AFE1438AAC76FED698FD46989B43F7D4573908DFF77CF117847DD4525F1DAF006356F84DC459D571A678E6A777327F0DE38D24E302B599F0826CBF8A5
                                              Malicious:false
                                              Reputation:low
                                              Process:C:\Users\user\Desktop\RXnQXC1eJa.exe
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):979567347
                                              Entropy (8bit):0.030833747997346277
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:D5193660A206B36049A70CACEBA16B4C
                                              SHA1:31EFA31383B56124488361EA528CCB1BBE3764AC
                                              SHA-256:F33CFDC3134EA492245F55055388F892B5C438A2CF8D6F4917760207BF9E188E
                                              SHA-512:6A756158289CE2A59B59C68EAE80C2B2085CC56FF1D1B8CFA0CC0BA7E6A1D79C56CEFD5C6204D5A9F5E3B8F7C221BB5FD67044B934F2CA888D6E08A3291C4C25
                                              Malicious:true
                                              Reputation:low
                                              Process:C:\Windows\System32\WerFault.exe
                                              File Type:MS Windows registry file, NT/2000 or above
                                              Category:dropped
                                              Size (bytes):1835008
                                              Entropy (8bit):4.469525989372753
                                              Encrypted:false
                                              SSDEEP:6144:ezZfpi6ceLPx9skLmb0fYZWSP3aJG8nAgeiJRMMhA2zX4WABluuNqjDH5S:AZHtYZWOKnMM6bFpoj4
                                              MD5:C3B52805F5B3822A6C142DF20632F30E
                                              SHA1:5CB45A5FF72586CD0356167EFC779066FB1157A2
                                              SHA-256:273F195640B9C8ADF740B369CA76D30E8E0E3B55B73C969DA03CE6B4444C90F8
                                              SHA-512:19BBFBC6AA6510A3A16CFB162D838976C2B12D3F9E0B018F3CF7941AFB51BAEA6AF17FB5C10110F7FAC1E32BABD592E1CB4C57EE89CE8C5D6CEF6C40391846A6
                                              Malicious:false
                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):7.148739581639469
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:RXnQXC1eJa.exe
                                              File size:1'852'928 bytes
                                              MD5:a98236d225058c446810c392ecfecc6d
                                              SHA1:7f6654060fa0e98e8d5c8de6a1927cf49ffa0f3d
                                              SHA256:27af91002593bb898ccc0eb2a065ee0897c3cc05751c66d10e434a45bc8af7b2
                                              SHA512:3e957c375c955f96c2ebae8cc0de802ac13a9a681daa9cdf60050120ff15a5fe51b77f7d6097de1025baa1b7fab43b2e7570457ab39f679e77d8a6dcb1c41ed4
                                              SSDEEP:49152:Tgro4FwGqa9gTCLLsX48O6Wun/dGCq6Wql:croqTV9gTCPY1
                                              TLSH:0F859F41B74BC03AD6216234E16123A1402A7BFF9B5382D7BD5D7D3A0A915E11F3BFA2
                                              Icon Hash:0f0371696969030e
                                              Entrypoint:0x4734dc
                                              Entrypoint Section:.text
                                              Digitally signed:true
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x65EABAFA [Fri Mar 8 07:15:06 2024 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:5
                                              OS Version Minor:0
                                              File Version Major:5
                                              File Version Minor:0
                                              Subsystem Version Major:5
                                              Subsystem Version Minor:0
                                              Import Hash:95c864c12aad39a0a38f3fd87dabadf6
                                                  Instruction
                                                  call 00007FE8B08D624Ch
                                                  jmp 00007FE8B08D5A6Ch
                                                  cmp ecx, dword ptr [00496028h]
                                                  jne 00007FE8B08D5D34h
                                                  rep ret
                                                  jmp 00007FE8B08D62CEh
                                                  int3
                                                  jmp dword ptr [0047C31Ch]
                                                  mov edi, edi
                                                  push ebp
                                                  mov ebp, esp
                                                  test byte ptr [ebp+08h], 00000002h
                                                  push edi
                                                  mov edi, ecx
                                                  je 00007FE8B08D5D57h
                                                  push esi
                                                  push 00473BC4h
                                                  lea esi, dword ptr [edi-04h]
                                                  push dword ptr [esi]
                                                  push 0000000Ch
                                                  push edi
                                                  call 00007FE8B08D5EF7h
                                                  test byte ptr [ebp+08h], 00000001h
                                                  je 00007FE8B08D5D39h
                                                  push esi
                                                  call 00007FE8B08D5058h
                                                  pop ecx
                                                  mov eax, esi
                                                  pop esi
                                                  jmp 00007FE8B08D5D46h
                                                  call 00007FE8B08D63C5h
                                                  test byte ptr [ebp+08h], 00000001h
                                                  je 00007FE8B08D5D39h
                                                  push edi
                                                  call 00007FE8B08D5041h
                                                  pop ecx
                                                  mov eax, edi
                                                  pop edi
                                                  pop ebp
                                                  retn 0004h
                                                  jmp dword ptr [0047C304h]
                                                  push 00000014h
                                                  push 0048BD98h
                                                  call 00007FE8B08D6127h
                                                  push dword ptr [004988A0h]
                                                  mov esi, dword ptr [0047C35Ch]
                                                  call esi
                                                  pop ecx
                                                  mov dword ptr [ebp-1Ch], eax
                                                  cmp eax, FFFFFFFFh
                                                  jne 00007FE8B08D5D3Eh
                                                  push dword ptr [ebp+08h]
                                                  call dword ptr [0047C360h]
                                                  pop ecx
                                                  jmp 00007FE8B08D5D99h
                                                  push 00000008h
                                                  call 00007FE8B08D6351h
                                                  pop ecx
                                                  and dword ptr [ebp-04h], 00000000h
                                                  push dword ptr [004988A0h]
                                                  call esi
                                                  mov dword ptr [ebp-1Ch], eax
                                                  push dword ptr [0049889Ch]
                                                  call esi
                                                  pop ecx
                                                  pop ecx
                                                  mov dword ptr [ebp-20h], eax
                                                  lea eax, dword ptr [ebp-20h]
                                                  Programming Language:
                                                  • [C++] VS2005 build 50727
                                                  • [ C ] VS2005 build 50727
                                                  • [IMP] VS2005 build 50727
                                                  • [ASM] VS2008 build 21022
                                                  • [ C ] VS2008 build 21022
                                                  • [C++] VS2008 build 21022
                                                  • [IMP] VS2008 build 21022
                                                  • [RES] VS2008 build 21022
                                                  • [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x92b84 | 0x1f4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x99000 | 0x12e0bc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xe1a00 | 0x5398 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd7000 | 0xa0e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7cef0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x886b0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7c000 | 0xe70 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x7b000 | 0x7a800 | 33d137731bb327f29ac610fb50f7bf54 | False | 0.4938217474489796 | data | 6.694852262445294 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7c000 | 0x1a000 | 0x19c00 | 3b400efe65270b63067ac97b9ecd3b54 | False | 0.30643203883495146 | data | 4.618234948722544 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x96000 | 0x3000 | 0x1c00 | d49f398adb436223c993c2cd85f5add0 | False | 0.2431640625 | data | 4.453447405966862 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x99000 | 0x12e0bc | 0x12e200 | 87f7814f1692b2cf5653fbb84576377e | False | 0.5209268010446835 | data | 7.235999730232269 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x999f0 | 0xb8a | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | Chinese | China | 1.0037237643872714
RT_BITMAP | 0x9a57c | 0x248 | Device independent bitmap graphic, 64 x 15 x 4, image size 480, 16 important colors | Chinese | China | 0.1267123287671233
RT_BITMAP | 0x9a7c4 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128, 16 important colors | Chinese | China | 0.4698275862068966
RT_ICON | 0x9a8ac | 0x58ca | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9969643642762869
RT_ICON | 0xa0178 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | Chinese | China | 0.13680054418549628
RT_ICON | 0xb09a0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | Chinese | China | 0.27982446920327936
RT_ICON | 0xb9e48 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | Chinese | China | 0.267406015037594
RT_ICON | 0xc0630 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | Chinese | China | 0.31497227356746765
RT_ICON | 0xc5ab8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Chinese | China | 0.26452527161076994
RT_ICON | 0xc9ce0 | 0x3a48 | Device independent bitmap graphic, 60 x 120 x 32, image size 14880 | Chinese | China | 0.3460455764075067
RT_ICON | 0xcd728 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.39066390041493776
RT_ICON | 0xcfcd0 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | Chinese | China | 0.392603550295858
RT_ICON | 0xd1738 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.4294090056285178
RT_ICON | 0xd27e0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Chinese | China | 0.5868852459016394
RT_ICON | 0xd3168 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | Chinese | China | 0.6319767441860465
RT_ICON | 0xd3820 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.6968085106382979
RT_MENU | 0xd3c88 | 0x1e8 | Matlab v4 mat-file (little endian) D, numeric, rows 4587536, columns 7077993, imaginary | Chinese | China | 0.4774590163934426
RT_MENU | 0xd3e70 | 0x1e0 | Matlab v4 mat-file (little endian) S, numeric, rows 4980752, columns 5439561, imaginary | Chinese | China | 0.4979166666666667
RT_DIALOG | 0xd4050 | 0x1d8 | data | Chinese | China | 0.5932203389830508
RT_DIALOG | 0xd4228 | 0x70 | data | Chinese | China | 0.7857142857142857
RT_DIALOG | 0xd4298 | 0x34 | data | Chinese | China | 0.8461538461538461
RT_DIALOG | 0xd42cc | 0x304 | data | Chinese | China | 0.46113989637305697
RT_DIALOG | 0xd45d0 | 0x1a0 | data | Chinese | China | 0.49038461538461536
RT_DIALOG | 0xd4770 | 0x104 | data | Chinese | China | 0.65
RT_DIALOG | 0xd4874 | 0x3ca | data | Chinese | China | 0.4402061855670103
RT_DIALOG | 0xd4c40 | 0x472 | data | Chinese | China | 0.36203866432337434
RT_DIALOG | 0xd50b4 | 0x2aa | data | Chinese | China | 0.4472140762463343
RT_DIALOG | 0xd5360 | 0x1f8 | data | Chinese | China | 0.46825396825396826
RT_DIALOG | 0xd5558 | 0x328 | data | Chinese | China | 0.42945544554455445
RT_DIALOG | 0xd5880 | 0x32c | data | Chinese | China | 0.4630541871921182
RT_DIALOG | 0xd5bac | 0x21c | data | Chinese | China | 0.5222222222222223
RT_DIALOG | 0xd5dc8 | 0x120 | data | Chinese | China | 0.5590277777777778
RT_DIALOG | 0xd5ee8 | 0x1f0 | data | Chinese | China | 0.5544354838709677
RT_DIALOG | 0xd60d8 | 0x2fe | data | Chinese | China | 0.46866840731070497
RT_DIALOG | 0xd63d8 | 0x6c | data | Chinese | China | 0.7777777777777778
RT_STRING | 0xd6444 | 0x48 | data | Chinese | China | 0.6944444444444444
RT_GROUP_ICON | 0xd648c | 0xbc | data | Chinese | China | 0.7074468085106383
RT_VERSION | 0xd6548 | 0x30c | data | Chinese | China | 0.45256410256410257
RT_DLGINCLUDE | 0xd6854 | 0x6dc36 | PC bitmap, Windows 3.x format, 57159 x 2 x 53, image size 449788, cbSize 449590, bits offset 54 | | | 0.6961364799039125
RT_ANIICON | 0x14448c | 0xcd16 | PC bitmap, Windows 3.x format, 7534 x 2 x 46, image size 52892, cbSize 52502, bits offset 54 | | | 0.42516475562835704
RT_ANIICON | 0x1511a4 | 0xa3e9 | PC bitmap, Windows 3.x format, 6084 x 2 x 50, image size 42586, cbSize 41961, bits offset 54 | | | 0.3472271871499726
RT_ANIICON | 0x15b590 | 0x8d22 | PC bitmap, Windows 3.x format, 4756 x 2 x 49, image size 36886, cbSize 36130, bits offset 54 | | | 0.46794907279269304
RT_ANIICON | 0x1642b4 | 0x34464 | PC bitmap, Windows 3.x format, 27250 x 2 x 43, image size 214384, cbSize 214116, bits offset 54 | | | 0.47754488221337965
RT_ANIICON | 0x198718 | 0x2e98e | PC bitmap, Windows 3.x format, 24293 x 2 x 46, image size 191335, cbSize 190862, bits offset 54 | | | 0.48345925328247635
None | 0x1c70a8 | 0x14 | data | Chinese | China | 1.25
DLL | Import
KERNEL32.dll | GetModuleHandleW, GetProcAddress, lstrlenW, GetLastError, LoadLibraryW, SetLastError, MulDiv, GetPrivateProfileStringW, GetVolumeInformationW, ExpandEnvironmentStringsW, FindFirstFileW, FindNextFileW, FindClose, InterlockedDecrement, CloseHandle, GetModuleFileNameW, InterlockedExchange, QueryPerformanceFrequency, QueryPerformanceCounter, GetCurrentProcess, CreateMutexW, Sleep, GetSystemTimeAsFileTime, GetLogicalDrives, GetDriveTypeW, GetLongPathNameW, GetVersion, GetVolumeNameForVolumeMountPointW, GetTickCount, WideCharToMultiByte, SetPriorityClass, GetPriorityClass, GetSystemPowerStatus, LeaveCriticalSection, FreeLibrary, GetCurrentThreadId, InitializeCriticalSection, DeleteCriticalSection, CreateThread, WaitForMultipleObjects, CreateFileW, DeviceIoControl, HeapFree, GetProcessHeap, GetCommandLineW, LocalFree, MultiByteToWideChar, GetComputerNameW, GetDiskFreeSpaceW, GetFileAttributesW, FileTimeToSystemTime, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, GetCurrentProcessId, EnterCriticalSection, SetUnhandledExceptionFilter, GetStartupInfoW, InterlockedCompareExchange, lstrlenA, LocalFileTimeToFileTime, DosDateTimeToFileTime, ReadFile, FormatMessageW, GetDiskFreeSpaceExW, FlushFileBuffers
USER32.dll | SetRectEmpty, EnableWindow, LoadBitmapW, GetDC, DrawTextW, ReleaseDC, CopyRect, DestroyCursor, SetCapture, GetCapture, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, ReleaseCapture, InsertMenuW, CreateMenu, GetWindowLongW, GetMenuItemInfoW, UnionRect, GetMenuBarInfo, EnableMenuItem, ModifyMenuW, GetMenuState, LoadImageW, GetSysColorBrush, SetWindowLongW, OffsetRect, SendNotifyMessageW, AppendMenuW, CreatePopupMenu, GetActiveWindow, MessageBoxW, TranslateMessage, PeekMessageW, MsgWaitForMultipleObjects, DispatchMessageW, GetSysColor, GetCursor, DrawIcon, LoadIconW, IsIconic, PostMessageW, KillTimer, SetTimer, LoadCursorW, SetCursor, GetSystemMetrics, GetSubMenu, CheckMenuItem, GetMenuItemID, GetMenuItemCount, LoadMenuW, GetLastInputInfo, ExitWindowsEx, SetPropW, SetForegroundWindow, EnumWindows, GetPropW, GetComboBoxInfo, InvalidateRect, InflateRect, GrayStringW, DrawTextExW, TabbedTextOutW, IsWindowVisible, IsWindow, ScreenToClient, GetCursorPos, RedrawWindow, PtInRect, TrackMouseEvent, GetParent, GetClientRect, SetRect, FrameRect, FillRect, GetWindowRect, SendMessageW
GDI32.dll | CreateSolidBrush, Escape, ExtTextOutW, PtVisible, CreatePen, GetDCBrushColor, GetBkMode, CreateRoundRectRgn, CreatePatternBrush, SetBrushOrgEx, FillRgn, FrameRgn, BeginPath, EndPath, FillPath, CreateFontIndirectW, Rectangle, GetDeviceCaps, PatBlt, RectVisible, GetBkColor, DPtoLP, GetMapMode, CreateCompatibleBitmap, LPtoDP, CreateFontW, GetTextMetricsW, TextOutW, GetTextExtentPoint32W, GetCurrentObject, GetDIBColorTable, StretchBlt, BitBlt, GetObjectW, SetDIBColorTable, SelectObject, CreateDIBSection, CreateCompatibleDC, DeleteDC, DeleteObject
MSIMG32.dll | AlphaBlend, TransparentBlt, GradientFill
ADVAPI32.dll | QueryServiceConfigW, GetUserNameW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW, ChangeServiceConfigW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, StartServiceW, ControlService, QueryServiceStatus, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegOpenKeyW, AdjustTokenPrivileges
SHELL32.dll | SHGetFileInfoW, ShellExecuteW, SHGetSpecialFolderPathW, SHBrowseForFolderW, SHGetPathFromIDListW, Shell_NotifyIconW, SHQueryRecycleBinW, SHEmptyRecycleBinW, CommandLineToArgvW
COMCTL32.dll | InitCommonControlsEx, _TrackMouseEvent
SHLWAPI.dll | PathFileExistsW, StrFormatByteSizeW, ColorAdjustLuma, StrFormatKBSizeW
ole32.dll | CoSetProxyBlanket, CoUninitialize, CoInitialize, CoCreateInstance, CoTaskMemFree
OLEAUT32.dll | SysFreeString, VariantInit, VariantClear, SysAllocString
gdiplus.dll | GdipGetImageEncoders, GdipGetImageEncodersSize, GdipSaveImageToFile, GdipDeleteFont, GdipCreateFont, GdipDeleteFontFamily, GdipGetGenericFontFamilySansSerif, GdipCreateFontFamilyFromName, GdipDeleteCachedBitmap, GdipCreateCachedBitmap, GdipDrawCachedBitmap, GdipMeasureString, GdipDrawString, GdipFillPath, GdipFillPie, GdipFillEllipse, GdipFillRectangle, GdipDrawPath, GdipDrawPie, GdipDrawEllipse, GdipDrawRectangle, GdipDrawLine, GdipSetSmoothingMode, GdipCreateFromHDC, GdipAddPathPath, GdipAddPathArc, GdipAddPathLine, GdipResetPath, GdipDeletePath, GdipCreatePath, GdipSetStringFormatFlags, GdipDeleteStringFormat, GdipCreateStringFormat, GdipSetPenBrushFill, GdipSetPenColor, GdipDeletePen, GdipCreatePen2, GdipCreatePen1, GdipSetLineColors, GdipCreateLineBrushI, GdipCreateLineBrush, GdipSetSolidFillColor, GdipCreateSolidFill, GdipCloneBrush, GdipDeleteBrush, GdiplusShutdown, GdiplusStartup, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipCreateBitmapFromFile, GdipGetImagePalette, GdipGetImagePaletteSize, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipCloneImage, GdipDrawImageI, GdipDeleteGraphics, GdipGetImageGraphicsContext, GdipDisposeImage, GdipAlloc, GdipFree, GdipFillRectangleI
UxTheme.dll | DrawThemeBackground, CloseThemeData, OpenThemeData
WINMM.dll | mciGetErrorStringW, mciSendCommandW
Language of compilation system | Country where language is spoken
Chinese | China
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-17T20:18:37.800781+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 104.161.43.18 | 2845 | 192.168.2.6 | 49745 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                  Dec 17, 2024 20:18:39.121444941 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.121578932 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.122663021 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.123210907 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.123367071 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.123410940 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.124556065 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.124573946 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.124624968 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.126270056 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.126379013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.126434088 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.128112078 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.176614046 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.226985931 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.227010012 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.227066994 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.227727890 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.228091002 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.228223085 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.228262901 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.230052948 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.230101109 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.230164051 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.231832027 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.231873989 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.231993914 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.233695984 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.233736992 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.233828068 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.235577106 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.235630989 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.235668898 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.237498999 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.237559080 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.237600088 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.239168882 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.239233017 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.239273071 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.240865946 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.240906954 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.240952969 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.242705107 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.242749929 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.242788076 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.244219065 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.244342089 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.244373083 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.245872974 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.245927095 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.245949984 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.247457027 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.247538090 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.247648954 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.249125004 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.249172926 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.249207973 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.250708103 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.250749111 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.250822067 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.252433062 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.252492905 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.252531052 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.254045010 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.254120111 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.254127979 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.255522013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.255601883 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.255676031 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.257168055 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.257193089 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.257215023 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.258810997 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.258898020 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.258945942 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.260343075 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.260387897 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.260472059 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.261981010 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.262033939 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.262145996 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.263592958 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.263695002 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.263765097 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.265203953 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.265290022 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.265309095 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.266858101 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.266999006 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.267024994 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.268395901 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.268444061 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.268477917 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.270071030 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.270123959 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.270199060 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.271714926 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.271830082 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.271883965 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.273281097 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.273336887 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.273361921 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.274874926 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.275002956 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.275048018 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.276540995 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.276556969 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.276591063 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.278134108 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.278151989 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.278188944 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.279726982 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.279777050 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.279815912 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.281320095 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.281369925 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.281414032 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.282952070 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.283107042 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.283164024 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.284549952 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.284632921 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.284770966 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.286174059 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.286283016 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.286333084 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.287803888 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.287910938 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.287965059 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.289397955 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.289453983 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.289470911 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.291011095 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.291100025 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.291162014 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.292617083 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.292680025 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.292716980 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.294220924 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.294262886 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.294342041 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.295823097 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.295870066 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.295892954 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.297472954 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.297532082 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.297614098 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.299099922 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.299146891 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.299217939 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.300738096 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.300802946 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.300801039 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.302326918 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.302383900 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.302416086 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.303973913 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.304071903 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.304105997 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.305552959 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.305591106 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.305599928 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.307107925 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.307172060 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.307204008 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.348505020 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.419075966 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.419202089 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.419274092 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.419771910 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.419812918 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.421129942 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.421179056 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.421245098 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.421286106 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.422544956 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.422746897 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.423984051 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.424009085 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.424048901 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.425333023 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.425435066 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.426630974 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.426790953 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.426891088 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.427927017 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.427997112 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.428102016 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.428694963 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.429296017 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.429382086 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.429502010 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.430633068 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.430718899 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.430763006 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.431960106 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.432040930 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.432089090 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.433374882 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.433424950 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.434559107 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.434609890 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.434714079 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.435869932 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.435945988 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.435983896 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.436054945 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.437206030 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.437367916 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.437407970 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.438503027 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.438644886 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.438913107 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.439920902 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.440018892 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.440062046 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.441107035 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.441225052 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.441298962 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.442452908 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.442581892 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.443856001 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.443914890 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.443916082 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.443965912 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.445076942 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.445209026 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.445524931 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.446302891 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.446476936 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.446515083 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.447581053 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.447762966 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.447860003 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.448863983 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.821715117 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.822987080 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.823117971 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.824323893 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.824374914 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.824412107 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.824451923 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.825414896 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.825495958 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.825541973 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.826306105 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.826425076 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.827239037 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.827285051 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.827301979 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.827333927 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.828140974 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.828167915 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.829335928 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.829386950 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.829425097 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.829463005 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.830473900 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.830548048 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.830598116 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.831655025 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.831815004 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.832823992 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.832875013 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.832909107 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.832946062 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.833996058 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.834059000 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.834115982 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.835189104 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.835249901 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.836324930 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.836376905 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.836416960 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.836455107 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.837492943 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.837630033 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.838643074 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.838689089 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.838830948 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.839993000 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.840013027 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.840045929 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.840089083 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.841062069 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.841259003 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.841357946 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.842355013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.842472076 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.842636108 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.843410015 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.843452930 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.844577074 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.844625950 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.844649076 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.844686985 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.845838070 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.845874071 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.845918894 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.846962929 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.846981049 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.847026110 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.848160982 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.848274946 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.849287987 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.849335909 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.849360943 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.849404097 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.850431919 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.850529909 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.850631952 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.851603031 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.851691961 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.852963924 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.853025913 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.853079081 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.853115082 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.854029894 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.854046106 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.854099035 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.855159044 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.855362892 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.855411053 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.856421947 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.856515884 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.857450962 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.857507944 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.857588053 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.857631922 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.858690023 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.858824015 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.858917952 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.859847069 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.859947920 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.861036062 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.861088037 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.861121893 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.861165047 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.862179041 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.862306118 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.862627983 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.863363028 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.863466978 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.864170074 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.864490032 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.911009073 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.995150089 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.995187998 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.995306015 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.995336056 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.995417118 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.996030092 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.996088028 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.996125937 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.996172905 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.997190952 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.997292995 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.998423100 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.998439074 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.998471975 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.998498917 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:39.999568939 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.999669075 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:39.999715090 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.000711918 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.000778913 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.001872063 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.001929998 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.001955032 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.001993895 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.003107071 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.003240108 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.003288984 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.004239082 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.004338980 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.005440950 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.005490065 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.005534887 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.005577087 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.006583929 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.006746054 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.007777929 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.007823944 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.007900000 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.007942915 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.008936882 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.009089947 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.010133982 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.010215044 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.010256052 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.010299921 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.011392117 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.011495113 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.011542082 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.012562037 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.012715101 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.013649940 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.013710022 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.013752937 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.013796091 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.014832020 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.014894009 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.014935970 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.016005039 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.016180038 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.017144918 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.017189980 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.017237902 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.017282009 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.018377066 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.018424034 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.018634081 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.019516945 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.019655943 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.020684958 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.020766973 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.020802975 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.020850897 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.021910906 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.021955967 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.022660971 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.023039103 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.023128986 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.024235010 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.024319887 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.024370909 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.024413109 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.025221109 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.025446892 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.025588036 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.025626898 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.026539087 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.026669025 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.026860952 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.027721882 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.027837038 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.028887987 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.028939962 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.029011965 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.029051065 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.030092001 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.030184984 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.030636072 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.031366110 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.031413078 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.032423019 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.032475948 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.032505035 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.032543898 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.033596992 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.033704042 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.034635067 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.034830093 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.034918070 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.036007881 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.036046028 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.036060095 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.036093950 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.037158012 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.037297010 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.038336992 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.038387060 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.038408041 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.038443089 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.039498091 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.039578915 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.039627075 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.040679932 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.040788889 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.041829109 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.417764902 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.417784929 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.418739080 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.418776989 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.418791056 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.419809103 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.419852018 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.419907093 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.420895100 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.420941114 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.421020985 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.421988964 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.422029972 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.422054052 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.423113108 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.423157930 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.423232079 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.425365925 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.425415039 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.425463915 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.425579071 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.425595045 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.425651073 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.426774979 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.426846981 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.426881075 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.427886009 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.427925110 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.427994013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.429008007 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.429048061 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.429076910 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.430192947 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.430241108 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.430274010 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.431346893 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.431396961 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.431427002 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.432497025 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.432544947 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.432596922 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.433671951 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.433715105 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.433793068 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.434875965 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.434973955 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.435008049 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.436105013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.436135054 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.436148882 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.437179089 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.437231064 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.437308073 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.438324928 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.438370943 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.438566923 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.439507961 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.439553022 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.439630032 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.489115000 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.571500063 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.571549892 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.571599960 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.571790934 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.571904898 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.571943045 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.572686911 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.572794914 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.572870970 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.573563099 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.573714018 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.573756933 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.574385881 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.574527979 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.574565887 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.575381041 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.575414896 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.575457096 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.576160908 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.576248884 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.576319933 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.577053070 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.577202082 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.577243090 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.577878952 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.577995062 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.578033924 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.578727961 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.579248905 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.579287052 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.579576969 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.579674006 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.579711914 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.580406904 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.580584049 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.580624104 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.581326962 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.581407070 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.581449986 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.582175016 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.582257032 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.582293034 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.583060980 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.583137035 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.583184004 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.583971024 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.584065914 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.584105968 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.584775925 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.584908009 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.584947109 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.585663080 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.585845947 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.585886002 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.586462021 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.586589098 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.586631060 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.587379932 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.587446928 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.587487936 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.588224888 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.588357925 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.588402033 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.589195967 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.589327097 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.589376926 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.589941025 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.590044022 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.590085030 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.590807915 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.590914965 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.590955019 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.591645002 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.591751099 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.591792107 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.592504025 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.592628956 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.592678070 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.593408108 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.593549013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.593589067 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.594280005 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.594336987 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.594382048 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.595124006 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.595247030 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.595282078 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.595971107 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.596081972 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.596122026 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.596837997 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.596936941 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.596973896 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.597693920 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.597767115 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.597801924 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.598681927 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.598728895 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.598769903 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.599445105 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.599558115 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.599600077 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.600323915 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.600502968 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.600543022 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.601174116 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.601371050 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.601408005 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.602047920 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.602159023 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.602215052 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.602920055 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.603010893 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.603054047 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.603844881 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.603929996 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.603967905 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.604619026 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.604729891 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.604779005 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.605511904 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.605609894 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.605650902 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.606389999 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.606513023 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.606631994 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.607275963 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.607445955 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.607486963 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.608109951 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.608230114 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.608268976 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.608944893 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.609092951 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.609133005 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.609992027 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.610049009 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.610097885 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.610666037 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.610774994 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.610812902 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.611547947 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.611607075 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.611644030 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.612386942 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.612555981 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.612624884 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.613297939 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.613421917 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.613461971 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.614130974 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.614268064 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.614305973 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.614964962 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.615065098 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.615103006 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.615869999 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.615962982 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.616000891 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.616648912 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.661071062 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.763468027 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.763498068 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.763570070 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.763710022 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.763854980 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.763895035 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.764672041 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.764813900 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.764866114 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.765774012 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.765836954 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.765878916 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:40.766419888 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.766457081 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.999797106 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.999856949 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:40.999897957 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.000595093 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.147800922 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.147960901 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.148070097 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.148073912 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.148155928 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.148195982 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.148267031 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.148682117 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.149070978 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.149132013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.149185896 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.149956942 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.150105000 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.150429964 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.150765896 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.150793076 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.150837898 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.151659012 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.151731014 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.151814938 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.152551889 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.152570009 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.152622938 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.153578997 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.153610945 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.153659105 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.154330969 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.154484034 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.154534101 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.155452013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.155559063 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.155728102 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.155915976 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.155980110 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.156065941 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.156953096 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.156970024 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.157044888 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.157676935 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.157752991 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.157792091 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.158626080 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.158766031 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.158987045 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.159462929 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.159611940 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.159652948 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.160260916 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.160290956 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.160418987 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.161240101 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.161415100 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.161979914 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.161990881 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.162069082 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.162111998 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.162874937 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.162899971 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.162945986 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.163681984 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.163844109 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.163892984 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.164604902 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.164808989 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.165046930 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.165458918 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.165527105 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.166070938 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.166317940 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.166424990 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.166474104 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.167169094 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.167289972 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.167356968 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.168073893 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.168292046 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.168344021 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.168919086 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.169014931 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.169787884 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.169821978 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.169842005 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.169871092 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.170631886 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.170711994 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.170758963 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.171524048 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.171549082 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.171602011 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.172358990 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.172631979 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.172724962 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.173239946 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.173320055 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.173366070 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.174282074 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.174390078 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.174436092 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.175108910 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.175188065 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.175226927 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.175865889 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.175954103 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.176008940 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.176805973 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.176822901 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.176876068 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.177561998 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.177660942 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.177706003 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.178560019 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.178633928 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.179265976 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.179337025 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.179354906 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.179388046 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.180175066 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.180267096 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.180341005 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.181257010 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.181374073 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.181411028 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.181942940 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.182049990 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.182163954 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.182897091 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.183226109 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.183279037 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.183608055 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.183691978 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.184225082 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.184504032 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.184552908 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.184607983 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.185302019 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.185344934 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.185424089 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.186163902 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.186264992 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.186314106 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.187036991 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.187097073 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.187880993 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.188014030 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.188079119 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.188807964 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.188832045 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.188882113 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.188965082 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.189696074 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.189768076 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.189822912 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.190550089 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.190712929 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.190874100 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.191466093 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.191510916 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.191586971 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.192250013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.192346096 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.192559004 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.339891911 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.339915037 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.340029001 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.340146065 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.340286016 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.340341091 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.340418100 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.341243982 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.341308117 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.341331005 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.341995001 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.342101097 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.342147112 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.343019962 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.343085051 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.343113899 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.343715906 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.343835115 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.343884945 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.344590902 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.344650984 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.344749928 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.345436096 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.345464945 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.345503092 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.346337080 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.346388102 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.346637011 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.347187042 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.347235918 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.347299099 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.348079920 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.348221064 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.348242998 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.348963022 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.349014997 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.349076986 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.349879980 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.350018024 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.350075006 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.350729942 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.350790977 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.350869894 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.351547003 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.351603031 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.351660013 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.352365017 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.352421045 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.352504969 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.353298903 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.353365898 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.353404999 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.354108095 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.354172945 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.354338884 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.355006933 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.355065107 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.355087996 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.355843067 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.355875015 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.355914116 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.356694937 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.356740952 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.356774092 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.357544899 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.357597113 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.357656002 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.358428955 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.358488083 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.358599901 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.739500999 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.740353107 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.740401983 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.740416050 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.740458012 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.741187096 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.741327047 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.742088079 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.742136955 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.742223978 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.742270947 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.742851973 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.743002892 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.743052959 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.743735075 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.743819952 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.744699955 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.744750023 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.744885921 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.745491982 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.745542049 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.745656967 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.745701075 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.746386051 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.746454954 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.747265100 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.747322083 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.747348070 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.747416973 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.748074055 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.748204947 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.749001026 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.749053955 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.749083996 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.749133110 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.749821901 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.749891996 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.750648022 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.750734091 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.750926018 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.751672983 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.751722097 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.751816988 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.751879930 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.752500057 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.752634048 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.753247023 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.753303051 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.753381014 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.753432035 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.754096031 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.754327059 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.754637957 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.754941940 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.755023956 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.755175114 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.755872965 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.756005049 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.756712914 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.756763935 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.756783009 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.756824970 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.757536888 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.757668972 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.757958889 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.758415937 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.758567095 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.759289026 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.759362936 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.759407043 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.759455919 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.760162115 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.760298014 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.760994911 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.761044025 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.761121988 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.761171103 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.761893034 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.762211084 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.762651920 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.762779951 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.762895107 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.763628006 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.763678074 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.763813972 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.763856888 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.764460087 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.764554977 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.765372992 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.765386105 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.765419960 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.765454054 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.766195059 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.766280890 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.766330957 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.767072916 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.767229080 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.767278910 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.767935991 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.768012047 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.768862963 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.768894911 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.768918991 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.768956900 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.769663095 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.769798994 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.770447016 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.770498991 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.917577982 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.917665958 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.917728901 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.917889118 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.917954922 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.918008089 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.918684006 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.918853998 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.918894053 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.919599056 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.919691086 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.920569897 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.920614958 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.920629025 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.920677900 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.921345949 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.921415091 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.921462059 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.922152042 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.922256947 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.923149109 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.923196077 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.923247099 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.923294067 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.924006939 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.924115896 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.924866915 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.924913883 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.924962997 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.924999952 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.925587893 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.925667048 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.925714970 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.926466942 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.926534891 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.927337885 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.927390099 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.927454948 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.927489996 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.928261995 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.928481102 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.928654909 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.929130077 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.929188967 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.929897070 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.929903030 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.930023909 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.930871010 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.930879116 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.930988073 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.931488991 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.931636095 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.931801081 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.931844950 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.932516098 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.932614088 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.932784081 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.933387041 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.933489084 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.933535099 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.934437990 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.934516907 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.934623003 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.935308933 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.935354948 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.935451984 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.936021090 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.936183929 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.936223030 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.936821938 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.936979055 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.937134027 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.937732935 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.937807083 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.937936068 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.938607931 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.938761950 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.939455986 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.939502001 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.939574003 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.939614058 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.940314054 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.940448046 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.941165924 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.941210032 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.941277981 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.941322088 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.942012072 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.942121029 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.942992926 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.943043947 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.943166971 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.943211079 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.944215059 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.944376945 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.944426060 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.944941044 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.945027113 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.945185900 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.945684910 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.945728064 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.945765018 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.946374893 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.946535110 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.946578026 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.947251081 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.947293043 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.947750092 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.948072910 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.948190928 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.948232889 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.949054956 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.949152946 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.949196100 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.949985981 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.950086117 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.950462103 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.950675964 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.950792074 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.950833082 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.951528072 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.951632023 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.951807022 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.952379942 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.952442884 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:41.952792883 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:41.953332901 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.332977057 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.333024025 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.333616018 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.333703041 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.333750963 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.334423065 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.334539890 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.334597111 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.335258961 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.335354090 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.335417032 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.336108923 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.336297035 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.336369038 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.336967945 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.337074041 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.337132931 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.337873936 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.338346958 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.338391066 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.338687897 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.338809013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.338865995 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.339622021 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.339760065 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.339839935 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.340425014 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.340569019 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.340617895 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.341306925 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.341325998 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.341371059 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.342180014 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.342334986 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.342376947 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.343188047 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.343266964 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.343322039 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.343975067 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.344249010 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.344291925 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.344809055 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.344877958 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.344952106 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.345642090 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.345839024 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.345892906 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.346659899 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.346709013 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.346782923 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.347374916 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.494225025 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.494249105 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.494384050 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.494529009 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.494625092 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.494635105 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.495409012 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.495481014 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.495516062 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.496390104 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.496449947 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.496474981 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.497129917 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.497247934 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.497267962 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.498028994 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.498095036 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.498161077 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.498888969 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.498956919 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.499207973 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.499713898 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.499783039 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.499819994 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.500577927 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.500637054 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.500646114 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.501446962 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.501503944 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.501528978 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.502298117 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.502371073 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.502389908 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.503171921 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.503238916 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.503247023 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.504108906 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.504156113 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.504266024 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.504986048 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.505029917 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.505060911 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.505785942 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.505834103 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.505891085 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.506604910 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.506654024 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.506654978 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.507486105 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.507534027 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.507558107 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.508354902 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.508436918 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.508467913 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.509306908 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.509361982 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.509362936 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.510118008 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.510165930 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.510251999 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.511032104 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.511064053 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.511085033 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.511852980 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.511902094 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.512051105 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.512720108 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.512769938 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.512800932 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.513633966 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.513704062 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.513724089 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.514489889 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.514553070 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.514633894 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.515263081 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.515275955 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.515338898 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.516134977 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.516206980 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.516249895 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.516963959 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.517030001 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.517087936 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.517963886 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.518019915 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.518384933 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.518858910 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.518903971 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.518928051 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.519668102 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.519735098 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.519767046 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.520638943 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.520700932 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.520715952 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.521352053 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.521426916 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.521550894 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.522280931 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.522315025 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.522336960 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.523139954 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.523191929 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.523200035 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.523906946 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.523957968 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.524104118 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.524859905 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.524970055 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.524988890 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.525692940 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.525751114 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.525815964 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.526601076 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.526660919 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.526695967 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.527373075 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.527430058 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.527689934 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.528233051 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.528245926 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.528290987 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.529098988 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.529160976 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.529206991 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.529922962 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.529966116 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.529972076 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.530997992 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.531058073 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.531116962 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.531934023 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.531985044 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.532140017 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.532557964 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.532572031 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.532618046 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.533380985 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.533497095 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.533580065 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.534286022 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.534342051 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.534420967 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.535171986 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.535223007 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.535253048 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.536123991 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.536185980 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.536232948 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.537060022 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.537076950 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.537112951 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.537714005 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.537781954 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.537905931 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.538672924 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.538729906 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.538803101 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.539426088 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.539482117 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.686243057 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.686273098 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.686316967 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.686604023 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.686636925 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.686677933 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.687423944 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.687577963 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.687652111 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.688347101 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.688446045 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.688492060 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.689136982 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.689210892 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.689259052 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.689994097 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.690089941 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.690138102 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.690875053 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.690931082 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.690978050 CET497452845192.168.2.6104.161.43.18
                                                  Dec 17, 2024 20:18:42.691725969 CET284549745104.161.43.18192.168.2.6
                                                  Dec 17, 2024 20:18:42.691804886 CET284549745104.161.43.18192.168.2.6


                                                  Target ID:0
                                                  Start time:14:18:13
                                                  Start date:17/12/2024
                                                  Path:C:\Users\user\Desktop\RXnQXC1eJa.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\Desktop\RXnQXC1eJa.exe"
                                                  Imagebase:0x400000
                                                  File size:1'852'928 bytes
                                                  MD5 hash:A98236D225058C446810C392ECFECC6D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:3
                                                  Start time:14:18:30
                                                  Start date:17/12/2024
                                                  Path:C:\Users\user\Desktop\RXnQXC1eJa.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\Desktop\RXnQXC1eJa.exe"
                                                  Imagebase:0x400000
                                                  File size:1'852'928 bytes
                                                  MD5 hash:A98236D225058C446810C392ECFECC6D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000003.2340110839.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.2343113066.0000000002F80000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.2342915467.0000000002D60000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000002.2357374549.0000000000A80000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:4
                                                  Start time:14:18:32
                                                  Start date:17/12/2024
                                                  Path:C:\Windows\SysWOW64\svchost.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\System32\svchost.exe"
                                                  Imagebase:0x7e0000
                                                  File size:46'504 bytes
                                                  MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.2344675661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.2355529979.0000000005360000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000002.2444562908.0000000003400000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.2355830400.0000000005580000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:7
                                                  Start time:14:18:33
                                                  Start date:17/12/2024
                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 420
                                                  Imagebase:0xf50000
                                                  File size:483'680 bytes
                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:8
                                                  Start time:14:18:42
                                                  Start date:17/12/2024
                                                  Path:C:\Windows\System32\fontdrvhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                  Imagebase:0x7ff7d9200000
                                                  File size:827'408 bytes
                                                  MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Target ID:13
                                                  Start time:14:18:45
                                                  Start date:17/12/2024
                                                  Path:C:\Windows\System32\WerFault.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 7732 -s 136
                                                  Imagebase:0x7ff662200000
                                                  File size:570'736 bytes
                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true


                                                    Execution Graph

                                                    Execution Coverage:0.2%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:25%
                                                    Total number of Nodes:20
                                                    Total number of Limit Nodes:2

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: DefaultLocaleQuery
                                                    • String ID: L$L$NBM3$Q$W$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 2949231068-641867533
                                                    • Opcode ID: d45d8d2903ed265e0430ed9add330ca8e4a2fb47acce8b118277c18ac72e69a2
                                                    • Instruction ID: 7162b0279355d564ad01390ffeb9452136011e2555e526b91681413f336fc518
                                                    • Opcode Fuzzy Hash: d45d8d2903ed265e0430ed9add330ca8e4a2fb47acce8b118277c18ac72e69a2
                                                    • Instruction Fuzzy Hash: BB02F0B1D046688AF7208B24DC54BEA77B4EF51314F1440FED88E96281EB3D5EC6CB66

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: DefaultLocaleQuery
                                                    • String ID: L$L$NBM3$Q$W$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 2949231068-641867533
                                                    • Opcode ID: ba74c9ddb6dc5c6079237d538c79c2de565a02a87be54fa1f011e467333e5605
                                                    • Instruction ID: 65814eeaf187bd66dc0503c2d3834c3d1dd21235cf0aad086cbad8ceae99c319
                                                    • Opcode Fuzzy Hash: ba74c9ddb6dc5c6079237d538c79c2de565a02a87be54fa1f011e467333e5605
                                                    • Instruction Fuzzy Hash: CE0201B1C046688AF7208B24DC54BEB7BB4EF51314F1440FED48A96281EB3D5EC6CB66

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: DefaultLocaleQuery
                                                    • String ID: L$L$NBM3$Q$W$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 2949231068-641867533
                                                    • Opcode ID: b6d51ccf7da72c77f13f63bd177068bae1b11f50fe428b658fe94a11ae17e940
                                                    • Instruction ID: f8d2f96e8d91a5e1b304e049411a072d11cd93c98f7a3c23e8d9153ecebf1167
                                                    • Opcode Fuzzy Hash: b6d51ccf7da72c77f13f63bd177068bae1b11f50fe428b658fe94a11ae17e940
                                                    • Instruction Fuzzy Hash: EEF101B1D046688AF7208B24DC54BEB7BB4EF51314F1440FED88E96281E63D5EC6CB66

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention$^S
                                                    • API String ID: 0-2407095863
                                                    • Opcode ID: 034c8bfc961d86983f952a1ac308e7efb2f27d5266e3ab80b1f9bb24dd13065e
                                                    • Instruction ID: a5c07dee8422e86aaa736abaa80f39f4d60ee771f7ceb40aa0c8230c4b1dd9a6
                                                    • Opcode Fuzzy Hash: 034c8bfc961d86983f952a1ac308e7efb2f27d5266e3ab80b1f9bb24dd13065e
                                                    • Instruction Fuzzy Hash: EE0215A1D086A8CEF7208A25DC44BEB7B75EF51304F1480FAD44D97282DA7E4FC58B26

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention
                                                    • API String ID: 0-2907517452
                                                    • Opcode ID: 8d81b3bd81d5a8b9429eb3c54b8f95c561017b1a9a8f12f0179736ed7f95d188
                                                    • Instruction ID: 0d1a13807cd1f140ea7496da98753a87c09ea24f8d06bd9023d3c4ca070855ed
                                                    • Opcode Fuzzy Hash: 8d81b3bd81d5a8b9429eb3c54b8f95c561017b1a9a8f12f0179736ed7f95d188
                                                    • Instruction Fuzzy Hash: 3AB1E2A1D046A8CEFB218A25DC44BEA7B75EF51304F0480FAD44CA7282D67E4FC58F26

                                                    Control-flow Graph

                                                    [Control-flow graph 499, first block 44e810-44e984; includes a VirtualProtect call in block 44fc9d-44fcbc]
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention
                                                    • API String ID: 0-2907517452
                                                    • Opcode ID: 43fcae58bae1fb79c11b7ebbb271fd31ba3400bf24a76a073dd144e21a51a48f
                                                    • Instruction ID: 9ae3db2ec987976a1cdc9622e35820e8910e5bc9772ca17425502ef1e3c63d1d
                                                    • Opcode Fuzzy Hash: 43fcae58bae1fb79c11b7ebbb271fd31ba3400bf24a76a073dd144e21a51a48f
                                                    • Instruction Fuzzy Hash: B0B1D2A1D09698CEFB218A25DC44BEABB75EF51304F0480FAD44C97282D67E5FC58F26

                                                    Control-flow Graph

                                                    [Control-flow graph 582, first block 44e8e0-44e984; includes a VirtualProtect call in block 44fc9d-44fcbc]
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention
                                                    • API String ID: 0-2907517452
                                                    • Opcode ID: d61c10f051a1d7a5ed44e8e4876873cf1e9dabe804cc58c1ec3918f488a3d3e2
                                                    • Instruction ID: 6c627f06c613ff43ce68455c37be090c95f0526b81419a2ef27335fc0ff221fc
                                                    • Opcode Fuzzy Hash: d61c10f051a1d7a5ed44e8e4876873cf1e9dabe804cc58c1ec3918f488a3d3e2
                                                    • Instruction Fuzzy Hash: 96811FB1D04658DEF7208A25DC84BEB7B69EF41304F1480FAD44D96282DA7E5FC68B26

                                                    Control-flow Graph

                                                    [Control-flow graph 666, first block 44ec11-44ec35; includes a VirtualProtect call in block 44fc9d-44fcbc]
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CPUUsageExceed$DefragmentedFiles
                                                    • API String ID: 0-2394842646
                                                    • Opcode ID: 26e7d4dc196507cf183c5f691030bbe490220436489de035cb9495a74d1f3cc7
                                                    • Instruction ID: d757a37a0684e3d6235d7c40d1549e405213a2b4cc176dd3d86309ce44a50cea
                                                    • Opcode Fuzzy Hash: 26e7d4dc196507cf183c5f691030bbe490220436489de035cb9495a74d1f3cc7
                                                    • Instruction Fuzzy Hash: 93C122A1D042689EFB208A21DC80BEB7775EF91304F1480FAD44DA7681E63D5FC68B66

                                                    Control-flow Graph

                                                    [Control-flow graph 740, first block 44ea84-44eb23; includes a VirtualProtect call in block 44fc9d-44fcbc]
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CPUUsageExceed$DefragmentedFiles
                                                    • API String ID: 0-2394842646
                                                    • Opcode ID: b0cb2bcad1d23b94a95d86012f86ec1bc5b9fa49db84ee999ba219609f03ed8b
                                                    • Instruction ID: 054a6fef77a3c3fb8be4fa0128c5b63a140fccfca2d9b283dd829b5d1cea4101
                                                    • Opcode Fuzzy Hash: b0cb2bcad1d23b94a95d86012f86ec1bc5b9fa49db84ee999ba219609f03ed8b
                                                    • Instruction Fuzzy Hash: CAB1F1A1D042689EFB208B25DC80BEB7679FF51304F1480FAD84DA6681E63D5FC5CB66

                                                    Control-flow Graph

                                                    [Control-flow graph 825, first block 44e96d-44e984; includes a VirtualProtect call in block 44fc9d-44fcbc]
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CPUUsageExceed$DefragmentedFiles
                                                    • API String ID: 0-2394842646
                                                    • Opcode ID: d1481c007aa17f88e3b92f68dec9932aa4f0b61b0901129b851c64966e3367bc
                                                    • Instruction ID: 2ff828b00d312a633d68db20e75e608d131f4d89a5f546cd5bb5d987e9a87dc8
                                                    • Opcode Fuzzy Hash: d1481c007aa17f88e3b92f68dec9932aa4f0b61b0901129b851c64966e3367bc
                                                    • Instruction Fuzzy Hash: 678112B1D0466C9EF7208A21DC84BEB7769EF51304F1480FAD84D97282DA7E5FC58B26
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDB), ref: 0044FCB4
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 28adf9a1488c77082908b739467fe8b6aad34d19b7bd32730ab949ce5a804ed4
                                                    • Instruction ID: cfb0d918d9ccd311e60b5203a89ebc8c49eb2f405c54aef376f4f4813e7001ff
                                                    • Opcode Fuzzy Hash: 28adf9a1488c77082908b739467fe8b6aad34d19b7bd32730ab949ce5a804ed4
                                                    • Instruction Fuzzy Hash: 1E02CCB1D045298BEB24CF24CC90BFAB7B5FB84305F1481FAD809A6681D6385ECACF55

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L$L$W$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 0-598879408
                                                    • Opcode ID: d4d4c2c50d660a1013dcb782c589c364a71b824c1d0cceffd5d53a8caf7589ce
                                                    • Instruction ID: 54bda7bf271d36c36b6eff90c5b64f6f127054e80906c0ec4db4e2185882c445
                                                    • Opcode Fuzzy Hash: d4d4c2c50d660a1013dcb782c589c364a71b824c1d0cceffd5d53a8caf7589ce
                                                    • Instruction Fuzzy Hash: D481C0B1D046A89BE7208A24EC54BEA7BB5EF95300F0441FDD44D9B281DA7E0FC5CB96

                                                    Control-flow Graph

                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDB), ref: 0044FCB4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID: CPUUsageExceed$DefragmentedFiles
                                                    • API String ID: 544645111-2394842646
                                                    • Opcode ID: eab0452aff8935fa5410a9f015e57a934a09fc2257c561a76de515b2ab14708a
                                                    • Instruction ID: c438a3909463d02a5b72086d3a24f7d484e2c421d41c2e0ad6e92fc39a1ed950
                                                    • Opcode Fuzzy Hash: eab0452aff8935fa5410a9f015e57a934a09fc2257c561a76de515b2ab14708a
                                                    • Instruction Fuzzy Hash: 797116A1D0466CDEF7208A21DC84BEB7A69EF51304F1480FAD44D97282D67E5FC58B27

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CPUUsageExceed$DefragmentedFiles
                                                    • API String ID: 0-2394842646
                                                    • Opcode ID: 1d13a3261393a3f4b87e2a5f91c6be8a2027360b0ac492eb7522c0c3662a5ca9
                                                    • Instruction ID: 3db6cf24d5a8a6a011891595f3b6e3dc4a7902c2bcd85591b6349279ee92345b
                                                    • Opcode Fuzzy Hash: 1d13a3261393a3f4b87e2a5f91c6be8a2027360b0ac492eb7522c0c3662a5ca9
                                                    • Instruction Fuzzy Hash: 277155A1D0466C9EF7208A21DC84BEB7B69EF51304F1480FAD44D97282D67E4FC58B27

                                                    Control-flow Graph

                                                    APIs
                                                    • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID: Disk Speedup
                                                    • API String ID: 621844428-1353793405
                                                    • Opcode ID: 4fd43510dfb9b268136f23bcfc74b6aa264fb7f038af2253737876d53c160900
                                                    • Instruction ID: a8c9f1f44f4fec3bf094e508f85f4c3e282673733d05bce29bdf7afac5238293
                                                    • Opcode Fuzzy Hash: 4fd43510dfb9b268136f23bcfc74b6aa264fb7f038af2253737876d53c160900
                                                    • Instruction Fuzzy Hash: A7E1C2B5D042698FEB20CB14DC84BEAB775EB84316F1441EAD80D67342D6396ECACF41

                                                    Control-flow Graph

                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID: W
                                                    • API String ID: 544645111-3182507374
                                                    • Opcode ID: 14fad75d570db03506a84e100530b0cbd06733f7c208efc6b780c20958b2c7d1
                                                    • Instruction ID: 725254d2cb139c66a07544df1a7105f07bf7daef63dc9bbbc24232eb1a347ee9
                                                    • Opcode Fuzzy Hash: 14fad75d570db03506a84e100530b0cbd06733f7c208efc6b780c20958b2c7d1
                                                    • Instruction Fuzzy Hash: 5D5137F2D04228ABE7248B24DC95AEA7778EB85314F1051BED40E97640DA7D5FC2CF92
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID: Disk Speedup
                                                    • API String ID: 621844428-1353793405
                                                    • Opcode ID: 0c64a58c88e1b70e95b69557a514c73989eef9c30f5b90191d4e98ba6f7769cb
                                                    • Instruction ID: 44d3639d5e52b30496fb9a9e30c76beda124cd035b041e86a541d9cd3ab14f2f
                                                    • Opcode Fuzzy Hash: 0c64a58c88e1b70e95b69557a514c73989eef9c30f5b90191d4e98ba6f7769cb
                                                    • Instruction Fuzzy Hash: 9C11E1F1D041549FF7208A00CC15BAA7778EB81301F1800FBD8499AA92D27DAECA8E62
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID: Disk Speedup
                                                    • API String ID: 621844428-1353793405
                                                    • Opcode ID: 732d6372a6174228c994801a2ab68675d4e1d8b1012e1cf24e0e5908eb35c66e
                                                    • Instruction ID: 31256ffd8982f1811092b6358f8fffbe967152a69804ea12c2e0457a85e672fa
                                                    • Opcode Fuzzy Hash: 732d6372a6174228c994801a2ab68675d4e1d8b1012e1cf24e0e5908eb35c66e
                                                    • Instruction Fuzzy Hash: 1011C4F1D001659FF7248A00CC55BBA7778EF91311F1400FAE84D96691D67D6EC68E62
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: fdcca6a450ddac556714cacba9feca364a4b9fd2d2696cdffa2ada5689d57bc1
                                                    • Instruction ID: d907ecc0baa8011f36e632ceab039de2000f8c7111a8c24f31362e1d417809c1
                                                    • Opcode Fuzzy Hash: fdcca6a450ddac556714cacba9feca364a4b9fd2d2696cdffa2ada5689d57bc1
                                                    • Instruction Fuzzy Hash: 827114B1D042249FE724CB24DC91AEA7775EF99300F1082FAD409A7241E6795EC6CF56
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 64f95daedf27aa8d658ec165ef0bd4d5e11c2edbd1b43a898310ef851417b9ca
                                                    • Instruction ID: 3692a2676f21f5bff39e20de157da2c8a2fbdee05d48cf11ae2ea247df981562
                                                    • Opcode Fuzzy Hash: 64f95daedf27aa8d658ec165ef0bd4d5e11c2edbd1b43a898310ef851417b9ca
                                                    • Instruction Fuzzy Hash: DC61E2B5C0026A8AEB208B15CC80BFEB775EF50315F1480FAD84D96A92E7384EC9CB55
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 3e0b543b02b3f4ac2a299637eb2e295d8f0ab630ba416c632498cf794c697361
                                                    • Instruction ID: 1e43f0891284895132df010470b9a7e7072539c9b672f8d6aa353f3965e875f9
                                                    • Opcode Fuzzy Hash: 3e0b543b02b3f4ac2a299637eb2e295d8f0ab630ba416c632498cf794c697361
                                                    • Instruction Fuzzy Hash: CE5106A2D041259EF7208B25DC84BFB7779EF85304F1480FAE84DA2641E6395ACA8F56
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDB), ref: 0044FCB4
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: c8703330a156f543629423c045d8eb077702687ad1b7a90a0a6d1419a79da618
                                                    • Instruction ID: a835e4ae3ec0061c37b5d3c19517aa47df5897b8da64a1c263f28fd77cc0da6c
                                                    • Opcode Fuzzy Hash: c8703330a156f543629423c045d8eb077702687ad1b7a90a0a6d1419a79da618
                                                    • Instruction Fuzzy Hash: 9E714AB4D042688BEB24CF14CC90BEAB7B6BB85304F1481EAD84967341D7399ED5CF5A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bba6d5b60bb9d47cac9a86050ee1c44e76aab781df9e81190268e2ef7c8baf61
                                                    • Instruction ID: a0114e724347bcfbac37d6edb3a4598a69fda711305eb059064aceb04003bb3e
                                                    • Opcode Fuzzy Hash: bba6d5b60bb9d47cac9a86050ee1c44e76aab781df9e81190268e2ef7c8baf61
                                                    • Instruction Fuzzy Hash: 035133B1D052259FEB248B20CC55AEABB74EF99304F1041FAD40A67281E6795EC2CF46
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: ee23b93c28958229fdb3ac6840683c82976ce75a45a4e870863a270fb29881b4
                                                    • Instruction ID: eac2c692dea26a4d26e38849c63dfce267619729f72294e7bce272a46b34bd7a
                                                    • Opcode Fuzzy Hash: ee23b93c28958229fdb3ac6840683c82976ce75a45a4e870863a270fb29881b4
                                                    • Instruction Fuzzy Hash: 1B5124A5C0466A8FE7208B64CC94BFABB74EF90305F1440FFD80D56A52E6390EC9CB56
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 5286e47dad25cad7ec70579f65a6c1ae0d8fe3809d2b2db6a1811a58f723ae29
                                                    • Instruction ID: 30d2ec6cf264864ac50d5a4abd52327726cb4ccdd93db826cb67a9ef2e56eb97
                                                    • Opcode Fuzzy Hash: 5286e47dad25cad7ec70579f65a6c1ae0d8fe3809d2b2db6a1811a58f723ae29
                                                    • Instruction Fuzzy Hash: 4C51CC71D042689BDB24CB24CCD0AEAB7B0FB89305F1491EAD80AA7241D67D6FC1CF55
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 0c26577923b037427b16772de086494c872d237b9d70b30eaef09b0d52c5a6f4
                                                    • Instruction ID: 3c6d116d449cbe2b203d8c357a58d544be9b1765e41a471073b1e97f3acc132a
                                                    • Opcode Fuzzy Hash: 0c26577923b037427b16772de086494c872d237b9d70b30eaef09b0d52c5a6f4
                                                    • Instruction Fuzzy Hash: 324159B2C082556FE7249B20CC91AEB37B8EB05304F1451FFE94A92241D57D9FC68F56
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 644bf92dfd0e83978af573d98dbf66e94b8eadb988fd6d40e25687878d8aab9b
                                                    • Instruction ID: c186c5dd3ecc2ed36c40f0bfc0e533b8d60e1968846300e1053af573a8a75dbf
                                                    • Opcode Fuzzy Hash: 644bf92dfd0e83978af573d98dbf66e94b8eadb988fd6d40e25687878d8aab9b
                                                    • Instruction Fuzzy Hash: BD4147B2C09214AFE7258B20CC94AEA7BB8EB45300F1451FFE54A96181D6394FC6CE56
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: ad4e470abe48b35e57dda399f95556348dfdfcd8c94728a4f346b8241291e8f7
                                                    • Instruction ID: 991071095e8289cdfb1875a9d97b6958f4ce46d85b565372afa9dc4e6a8340d6
                                                    • Opcode Fuzzy Hash: ad4e470abe48b35e57dda399f95556348dfdfcd8c94728a4f346b8241291e8f7
                                                    • Instruction Fuzzy Hash: AC416AB1C08254AFEB248B64CC90AEB77B8EB05314F1461EFD44A92181DA7D5FC6CF16
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 65cc04cab89e15ca1e8b6bb0683915046246a1fc8dfc4bb402ec3acf967745a2
                                                    • Instruction ID: eba095f94381d58701b7ef55d3c2d8537852f9d86362f48a04a1c834ddf08267
                                                    • Opcode Fuzzy Hash: 65cc04cab89e15ca1e8b6bb0683915046246a1fc8dfc4bb402ec3acf967745a2
                                                    • Instruction Fuzzy Hash: 1A3101F2D01124AFF7248A20DC54BEA7B78EB95310F0451BEE84A67240DA7D4EC6CE92
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 5d34757ee6babc7345e81bcdc8e4dbf6fe6b6b31cf39d10c50aac2debe9e01b3
                                                    • Instruction ID: d697d60a22660dc5892fb38805a3b486bbd0a2a52ae512908afe219310beb183
                                                    • Opcode Fuzzy Hash: 5d34757ee6babc7345e81bcdc8e4dbf6fe6b6b31cf39d10c50aac2debe9e01b3
                                                    • Instruction Fuzzy Hash: 903124F2D05628AFE7208A20DC50BEA7B74EB95304F0551FED50E67240EA7D4FC28E92
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDB), ref: 0044FCB4
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: b0d6d7eeaa91602574a5f8d6a697e2312bfb5e8c6ce846877ef3e160e916f153
                                                    • Instruction ID: 3ffa62efaba4c38fbb44449bbf8510e68fba313bd54b94571cc2890e0802ad43
                                                    • Opcode Fuzzy Hash: b0d6d7eeaa91602574a5f8d6a697e2312bfb5e8c6ce846877ef3e160e916f153
                                                    • Instruction Fuzzy Hash: 47315BE2D14619AFF7108A21DCC9FBB362CFB81314F1480BBE94A51580E93C0ECACA57
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: d13ec9a750b34f8362addbcd8c1373ecfe9b0f0fc1c41da5d9086e33c3dcbc87
                                                    • Instruction ID: 6498db121381221b8da7b259fb0400d801ec20f984732e8cc6f1c2ccfc2936c5
                                                    • Opcode Fuzzy Hash: d13ec9a750b34f8362addbcd8c1373ecfe9b0f0fc1c41da5d9086e33c3dcbc87
                                                    • Instruction Fuzzy Hash: 4D3159B2C08214ABE7249B74CC91AEB37B8EB05314F1460FFE94AA2141D57D8FC68F56
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: c07191795e27a45efdae00c88b837fae4de3c3e9347a017892699336ae39605a
                                                    • Instruction ID: 4affc22904a3476430b8a8acb47b62374033872ee6624a199ab211775dbf5c8d
                                                    • Opcode Fuzzy Hash: c07191795e27a45efdae00c88b837fae4de3c3e9347a017892699336ae39605a
                                                    • Instruction Fuzzy Hash: 413159B2C08214ABE7249B64CC91AEB37B8EB05314F1460FFE94AA2141D57D8FC68F56
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 3dbae1594be6f7dd928f0ab85cb5fa24e58b0bc765e7e6ddd576a44589495f8c
                                                    • Instruction ID: 45075927efd9ada6e5c49bf2bdcd5edc6da830f679d5f53913fee131c35b17b0
                                                    • Opcode Fuzzy Hash: 3dbae1594be6f7dd928f0ab85cb5fa24e58b0bc765e7e6ddd576a44589495f8c
                                                    • Instruction Fuzzy Hash: 463159B2C08214ABE7249B64CC91AEB37B8EB05314F1461FFE94AA2141D57D8FC68F56
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: c44d0ae4c390ab7aacccc0719afcd42ec83c392a930c3dc63cc96ca2c06902d5
                                                    • Instruction ID: 246f3ae00e5993bada719eb86dde97f07b2460a8c274b3c8db2533b57bdcde19
                                                    • Opcode Fuzzy Hash: c44d0ae4c390ab7aacccc0719afcd42ec83c392a930c3dc63cc96ca2c06902d5
                                                    • Instruction Fuzzy Hash: 6931D2F2E00128AFE7248B14CC90BEA7779FB85300F1451EDD50967240DB795EC28F55
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: fac3e970dc351d84f5bd6036171b785449f05435fb9c741125ea601dd844db6c
                                                    • Instruction ID: f2f01f88c972ae40df67ceab7102d379de9d9aa3f80285491b1fd27659fddcb6
                                                    • Opcode Fuzzy Hash: fac3e970dc351d84f5bd6036171b785449f05435fb9c741125ea601dd844db6c
                                                    • Instruction Fuzzy Hash: 7041E874D0A6EDCEFB21C764CC947D9BFB1AB52705F1400EAC4881A153C6790BD9CB66
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDB), ref: 0044FCB4
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 4634de2ebe0ebcce12b032ee46eaa474a0b619c88445a5f40c3604414c052324
                                                    • Instruction ID: 0622220171e20564a1406ca8225aa71947d39fbbbb0cb70bcc6d4a699af28b8e
                                                    • Opcode Fuzzy Hash: 4634de2ebe0ebcce12b032ee46eaa474a0b619c88445a5f40c3604414c052324
                                                    • Instruction Fuzzy Hash: A531F2B1D045698BFB208B21DDC4BEB77B9BB85305F2440FAD84E56241DA3C5ECA8F16
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: 879995abc0bac690eeddbe9c858a41d747504ed074829e3b8f549a0c6abdd94c
                                                    • Instruction ID: 010d1f3c616e80b8f4fac73e81bba8b2ff43aed6f1f6709d9ed0c718f9bf3237
                                                    • Opcode Fuzzy Hash: 879995abc0bac690eeddbe9c858a41d747504ed074829e3b8f549a0c6abdd94c
                                                    • Instruction Fuzzy Hash: 07311A70D096E9CEFB11C764CC547D9BFB19B52305F0400EAC4481A153C6790BD9CF62
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: e4160ed717f0f6abf1defb56401c58ee499d0ab70f28a8e3cd145929de96f613
                                                    • Instruction ID: 26ccd968585249884fe3db83b1a6f395eaac15ae52a9af6490365336579476ed
                                                    • Opcode Fuzzy Hash: e4160ed717f0f6abf1defb56401c58ee499d0ab70f28a8e3cd145929de96f613
                                                    • Instruction Fuzzy Hash: 5A3104F2D01124AFF7248A24DC50AEA7B79EBD5300F0451BED90E67640EA7D5FC28E92
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 061638c24a6434e9d98b49df978001bb53175792210f277e801f803a5417ffdd
                                                    • Instruction ID: d3ae285dc5dae3630e64d8d9e4b7262ce1f0b14fb533b5a3b7d66ccfbea40dcb
                                                    • Opcode Fuzzy Hash: 061638c24a6434e9d98b49df978001bb53175792210f277e801f803a5417ffdd
                                                    • Instruction Fuzzy Hash: F12145B2C08264ABE7219B34CC809DA7BA8EB05304F1461FEE54AE3141D57D8FC28B16
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDB), ref: 0044FCB4
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 10bc83408a543e588c3496e5ba11f25302d16965aac4f3edc211469ff01473b9
                                                    • Instruction ID: 772c87d60ffea1675bedafdfe39a74c1ef69d5c1292c1234d3e2208c1cf22db7
                                                    • Opcode Fuzzy Hash: 10bc83408a543e588c3496e5ba11f25302d16965aac4f3edc211469ff01473b9
                                                    • Instruction Fuzzy Hash: 7B2100F2D441296BF7205A119CC4FDB7B6CEB05314F1440B6ED4E92141E93D9ACA8A97
                                                    APIs
                                                    • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: eeedca64b7f34a60b10592581de28e6d98deebf8edbbacba66593d9caf69e89b
                                                    • Instruction ID: e6beb7880713418a3f47b8b3e03d732dc7ab3adafd24552411d423fbf5d49cf5
                                                    • Opcode Fuzzy Hash: eeedca64b7f34a60b10592581de28e6d98deebf8edbbacba66593d9caf69e89b
                                                    • Instruction Fuzzy Hash: 462148A5C056944FEB118B60CCD9BBA7B74EB9131AF2441FBC80909083D6791DDBCB42
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 6e726c5d5bd8a4aa5c989bc611a0c3fbe778ff2d2db2c39e9f3ba36d8a89f5c6
                                                    • Instruction ID: 0f2206242ab45985a650413e3f9cacc3a5e8d7a87c1290546b36010767a0ab87
                                                    • Opcode Fuzzy Hash: 6e726c5d5bd8a4aa5c989bc611a0c3fbe778ff2d2db2c39e9f3ba36d8a89f5c6
                                                    • Instruction Fuzzy Hash: 2221C5B1D041599FEB348B20DCA1AF977B0AB45304F1462EED45AA3241DA795FC1CF05
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: d8c4936637a929d415abac20a172e5d875689bbad2caa825f46b0cc4a63521e3
                                                    • Instruction ID: 210d06295058386884844fb61b9188eaac30fe0acd04a0a4146e9cc0cd3ffdaa
                                                    • Opcode Fuzzy Hash: d8c4936637a929d415abac20a172e5d875689bbad2caa825f46b0cc4a63521e3
                                                    • Instruction Fuzzy Hash: 5C0149958092955FD7118774CCD97AABF65DF92306F2000FFC44A0A053D92809DBC607
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 87030617ff6f889ecc189c2332c57ea8e4c33b7780ab14c0db62e03832f2291c
                                                    • Instruction ID: 44d02fa9b4a85e20b6d67653a9c18749db96cc04b0a10008007f8cbbe30b153e
                                                    • Opcode Fuzzy Hash: 87030617ff6f889ecc189c2332c57ea8e4c33b7780ab14c0db62e03832f2291c
                                                    • Instruction Fuzzy Hash: 220147B2804154AEE7249770CC91AEA37A8EB04300F0465AEE506E3140D9BE8FC28F16
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: ca942b76ce405c9d3ee93d9b0dfaeeb99f6c8d9bef0314f2b8e665c56af0d312
                                                    • Instruction ID: 78f2f630bce834b39ae2a0ba4c121c2e16955b92f707c4858b5ba3db2bdebf57
                                                    • Opcode Fuzzy Hash: ca942b76ce405c9d3ee93d9b0dfaeeb99f6c8d9bef0314f2b8e665c56af0d312
                                                    • Instruction Fuzzy Hash: 0F01F5B2D04255AFE7249B60CCA19FA7774FB44304F0425EEE50AA3241DABD5F828F16
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: 2e574207169991a22193a78636e9ec93e3785960efdb51b1c5b71a698bfd5287
                                                    • Instruction ID: cc9723605f62313b30b5fd749f73df74b20ffdbe1c331fd43b6a55cfc07d896d
                                                    • Opcode Fuzzy Hash: 2e574207169991a22193a78636e9ec93e3785960efdb51b1c5b71a698bfd5287
                                                    • Instruction Fuzzy Hash: 0001F5B2D04255AFE7249B60CCA19EA77B4FB08304F0425EEE50AA3241D6BD5F828F16
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: a1275959663271b493e97f8199167c1ff5540f10acb909a255bc9757c7c117bf
                                                    • Instruction ID: 3d8c39d4cd8bde9a85d389dadfccc00e6cb9707d13ca14ff9373bb5e002dc225
                                                    • Opcode Fuzzy Hash: a1275959663271b493e97f8199167c1ff5540f10acb909a255bc9757c7c117bf
                                                    • Instruction Fuzzy Hash: 7F0145B2C04215AFE7249B20CCA19EA37B4FB44300F0461EEE50AA3200D6BD5F828F16
                                                    APIs
                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439C9E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: d90ab2a44249485539418b1ed2260c2b842434177c90edfc99dfe7b231bca500
                                                    • Instruction ID: 27c9601e9ca7c318692fbeb41ec2b412a21fad21afc876c9c22ba76c1ec633e9
                                                    • Opcode Fuzzy Hash: d90ab2a44249485539418b1ed2260c2b842434177c90edfc99dfe7b231bca500
                                                    • Instruction Fuzzy Hash: E2012BB2D04154AFE7249760DC51AEA37A8EB05304F1465EEE547E3140D5BE9FC28F16
                                                    APIs
                                                    • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: f5326e5eafcaf7751422bc7587399e20920c096c33a25dda8d74c3412a9ed539
                                                    • Instruction ID: 018cebb34008afffe0ec72db8782ef9371e8d57b3e155685d0c97a8bc3ee0b82
                                                    • Opcode Fuzzy Hash: f5326e5eafcaf7751422bc7587399e20920c096c33a25dda8d74c3412a9ed539
                                                    • Instruction Fuzzy Hash: 62C08CA55051408FE310CA15DD4AB6DAB34ABC0322F2480B3E40E14042A5380ACB8E0B
                                                    APIs
                                                    • GetMenuItemInfoW.USER32(00000000,00000000,00000001), ref: 0041FAF6
                                                    • GetMenuItemInfoW.USER32(00000000,00000001,00000001,?), ref: 0041FB49
                                                    • GetMenuItemInfoW.USER32(00000000,00000002,00000001,?), ref: 0041FB9C
                                                    • GetSubMenu.USER32(00000000,00000000), ref: 0041FBC3
                                                    • GetSubMenu.USER32(00000000,00000001), ref: 0041FD14
                                                    • GetSubMenu.USER32(?,00000000), ref: 0041FD7A
                                                    • GetSubMenu.USER32(00000000,00000002), ref: 0041FE06
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Menu$InfoItem
                                                    • String ID: $0$3401008$3401009$3401010$3401011$3401012$3401013$3401014$3401015$3401016$3401017$3401018$3401019$3401020$3401021$3401022$3401024$3401098$3401131
                                                    • API String ID: 1040333723-179025603
                                                    • Opcode ID: 57bab4f1923334ec470cd56f5efcc3a9a6a283e0eb4f594bc954c30004842149
                                                    • Instruction ID: 83c1616b1d25a5f5e88f9c25e0e2a21432fc20987b46dd7eda8cdac89d290607
                                                    • Opcode Fuzzy Hash: 57bab4f1923334ec470cd56f5efcc3a9a6a283e0eb4f594bc954c30004842149
                                                    • Instruction Fuzzy Hash: F7811FF0FA031036E794AAA59C53FEB31686F44B44F20C81F760EB25D5C9ACA84556ED
                                                    APIs
                                                    • OpenSCManagerW.ADVAPI32(00000000,00000000,20000000,?,00000000,?,?,00427EC2,7376EA83), ref: 0041B4C2
                                                    • OpenServiceW.ADVAPI32(00000000,VSS,00000034,?,?,00000000,?,?,00427EC2,7376EA83), ref: 0041B4DD
                                                    • CloseServiceHandle.ADVAPI32(00000000,?,00000000,?,?,00427EC2,7376EA83), ref: 0041B4EA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: OpenService$CloseHandleManager
                                                    • String ID: VSS
                                                    • API String ID: 4136619037-4102325705
                                                    • Opcode ID: a669f043333560b65fa7305655f79df43c8048374914dc36b6d5132fd2da2c07
                                                    • Instruction ID: e3fabb29cb39525be17c5613465a7dd84fffe719b6809a75a20e2f83d6b45fa7
                                                    • Opcode Fuzzy Hash: a669f043333560b65fa7305655f79df43c8048374914dc36b6d5132fd2da2c07
                                                    • Instruction Fuzzy Hash: 6631E932601314A7D610EBA8AC80FFB775DEB45365F84083FF904D2251DB19E98987EA
                                                    APIs
                                                    • FindFirstFileW.KERNEL32(?,?,?,00000000,0000024C), ref: 004112A2
                                                    • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                    • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                    • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                    • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                    • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                    • FindClose.KERNEL32(?), ref: 00411483
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: FindPrivateProfileString$File$ByteCloseFirstFormatNextSize
                                                    • String ID: 3401068$3401069$3401070$DefragTime$DefraggedFileCount$DG$LG$TotalDefraggedFileSize$`=$main
                                                    • API String ID: 295610168-2526466113
                                                    • Opcode ID: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                    • Instruction ID: 3dc56caefaff00a374a3ee75e2b4c31a72c5442d79c66a3b7d7afc40f3bd3104
                                                    • Opcode Fuzzy Hash: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                    • Instruction Fuzzy Hash: 6691A771244340AFD320DF21CC46FAB77E8AF88B14F108A2EF65DA71D1DAB56944CB5A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                    • API String ID: 0-215400123
                                                    • Opcode ID: 615a126bde009433a578aa9a663b0bcae25b454de9f64943e071bd84b6fd7bf4
                                                    • Instruction ID: c886964f9f37e5e86b39de12b5ae8ce63866db26ee230ce1fddd0208ba02283f
                                                    • Opcode Fuzzy Hash: 615a126bde009433a578aa9a663b0bcae25b454de9f64943e071bd84b6fd7bf4
                                                    • Instruction Fuzzy Hash: 7891D571D082989AF7208A24DC547EA76B5EF65304F0880FDD14D9B391DA7F0FC68B6A
                                                    APIs
                                                    • CoInitialize.OLE32(00000000), ref: 004197EE
                                                    • CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                    • CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                    • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00419894
                                                    • CoUninitialize.OLE32 ref: 004198B6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Uninitialize$BlanketCreateInitializeInstanceProxy
                                                    • String ID: Caption$SELECT * from Win32_Volume$WQL
                                                    • API String ID: 3575674281-2330458756
                                                    • Opcode ID: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                    • Instruction ID: d51c13efc7a02c32f90284d818f56e509f551fc104d77d5da5b0aeb1152a1774
                                                    • Opcode Fuzzy Hash: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                    • Instruction Fuzzy Hash: 10A189766083449FC300EF59C890A9BB7E9EF88354F10491EF44997360D779ED89CBA5
                                                    APIs
                                                    • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                    • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                    • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                    • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                    • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                    • FindClose.KERNEL32(?), ref: 00411483
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                    • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                    • API String ID: 2174522762-3670384684
                                                    • Opcode ID: 637e9459b825226f02b753a8a6ecd317c3f6f5394dd561357564af9cc347cd40
                                                    • Instruction ID: faa287cb98b21d4df2f3e2fa49730f9b90f221f68114e230af78a147129465c0
                                                    • Opcode Fuzzy Hash: 637e9459b825226f02b753a8a6ecd317c3f6f5394dd561357564af9cc347cd40
                                                    • Instruction Fuzzy Hash: 82516271204341AFE324DB21CD45FAF77E8AB88B04F10891EF64D972D1DA74A945CB6A
                                                    APIs
                                                    • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                    • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                    • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                    • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                    • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                    • FindClose.KERNEL32(?), ref: 00411483
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                    • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                    • API String ID: 2174522762-3670384684
                                                    • Opcode ID: 32f377f5775842a14210629ecb5cba280cca974c36c24aed09cdb2c69e2afdbd
                                                    • Instruction ID: 01dd7cb33c618876df907d584398aa6540e784f12a7d1eb18dd06df18f62a64b
                                                    • Opcode Fuzzy Hash: 32f377f5775842a14210629ecb5cba280cca974c36c24aed09cdb2c69e2afdbd
                                                    • Instruction Fuzzy Hash: BB516171204341AFE324DB21CD45FAF77E8AB88B04F10891EF54D972D1DA74A945CB6A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 3N48$L$L$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 0-2951594978
                                                    • Opcode ID: 025e248830eeb9a57a00aade4a63a54c1ce63e1cd2c1f7de064343ef312372cd
                                                    • Instruction ID: ae78c9071c3847a8b9b4234fa12474eb87c1021e541f8727e8c2d4ace9d803a8
                                                    • Opcode Fuzzy Hash: 025e248830eeb9a57a00aade4a63a54c1ce63e1cd2c1f7de064343ef312372cd
                                                    • Instruction Fuzzy Hash: 2291F4A1D046A98AF7208B25DC04BFABBB1EF91304F1480FAD44DA7341DA7D5FC58B56
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 0-4069139063
                                                    • Opcode ID: 10af225719bfa39627d059e425d728bfdbbf1fa4feed7275e123e3cb2b8a2130
                                                    • Instruction ID: 34482f845a14e8b7ebf9c29bc1204174fd73950415ffeea7f98ee0d7dad3d39a
                                                    • Opcode Fuzzy Hash: 10af225719bfa39627d059e425d728bfdbbf1fa4feed7275e123e3cb2b8a2130
                                                    • Instruction Fuzzy Hash: 54F100B1D081688AE7248B24DC44BFAB6B5EF94310F1481FED84D97281EA795EC2CB56
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 0-4069139063
                                                    • Opcode ID: a86c8c7ea9fd859e9fd8f151c93c42a91111b522fedca748f0b2df6649c22ff4
                                                    • Instruction ID: 63e7c04c2380a15e16d6e48d5fa32a4b0fc747139ba169aff0b0ad579ecb2f01
                                                    • Opcode Fuzzy Hash: a86c8c7ea9fd859e9fd8f151c93c42a91111b522fedca748f0b2df6649c22ff4
                                                    • Instruction Fuzzy Hash: 2A91E2B1D081589AF7248A24DC547FA7679EFA4300F0890FDD54D97390D67E4FC28BAA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 0-4069139063
                                                    • Opcode ID: 75eebb3df7fded86b3fdca81f15274575ff783520b83bec72221761b0ab8c80e
                                                    • Instruction ID: d148ddba6af31864677f656e159f7da883ddae39c94a1589ceec2cdbcc329ccc
                                                    • Opcode Fuzzy Hash: 75eebb3df7fded86b3fdca81f15274575ff783520b83bec72221761b0ab8c80e
                                                    • Instruction Fuzzy Hash: 5291C0B1D081589AF7248B28DC44BFAB6B5EF54310F1481FED58D97280EA7A0FC68F56
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 0-4069139063
                                                    • Opcode ID: bffd0a10b66017cb641f185951fa3829037cddb2e2a13f6278c1a284d9a3ea64
                                                    • Instruction ID: 4516d24232a1ba783d26a883b8889adfb5df198bc5b75ee75f5ea6b7cc4ead24
                                                    • Opcode Fuzzy Hash: bffd0a10b66017cb641f185951fa3829037cddb2e2a13f6278c1a284d9a3ea64
                                                    • Instruction Fuzzy Hash: AD81F5B1D181589AF7248A24DC547EA76B9EF94300F0890FDD54D97390D67F0FC28B5A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 0-4069139063
                                                    • Opcode ID: 9b69cb94ee81798621ced7782220574bec39effc94166501972b08f2604b553a
                                                    • Instruction ID: 9c0f5061aaf5f6cd74c2d10927596beaac411c217bd2b6d4563a8fe189c65398
                                                    • Opcode Fuzzy Hash: 9b69cb94ee81798621ced7782220574bec39effc94166501972b08f2604b553a
                                                    • Instruction Fuzzy Hash: C181E0B1D182589AF7248A24DC547EA76B9EF94300F0890FDD14D97390DA7E0FC28B6A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 0-4069139063
                                                    • Opcode ID: c08a7b93100f729f67f70677911d959420d2a68c7a49e31af895ebb110218e28
                                                    • Instruction ID: c0b9180bba136db6cb4450f352959cb855c0189553d991d55c440d2a41f63666
                                                    • Opcode Fuzzy Hash: c08a7b93100f729f67f70677911d959420d2a68c7a49e31af895ebb110218e28
                                                    • Instruction Fuzzy Hash: ED71D2B1D081599AF7248B28DC44BFA76B5EF94310F0481FED54D97280EA7E0FC68B66
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 0-4069139063
                                                    • Opcode ID: 2c3f0117acb6dc719776117c0fee8577e998ab4814b5cb11ac28e995d793b93f
                                                    • Instruction ID: f62b326f1082df46c51ccfc6b9ac1fd588a97e52f932dc7453709895d5d5badc
                                                    • Opcode Fuzzy Hash: 2c3f0117acb6dc719776117c0fee8577e998ab4814b5cb11ac28e995d793b93f
                                                    • Instruction Fuzzy Hash: 0871E3B1D081589AF7248B24DC44BFA76B5EF94310F0481FED58D97290EA7E0FC68B66
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                    • API String ID: 0-4069139063
                                                    • Opcode ID: 5644b0a045c58f291570bef28bb7d4da2f60951908fbf9c815404cdd490f512c
                                                    • Instruction ID: f53938b21af375be15aaebeb695b8e61cd81a3e8814e7d2f6c68db1f0d0aa55b
                                                    • Opcode Fuzzy Hash: 5644b0a045c58f291570bef28bb7d4da2f60951908fbf9c815404cdd490f512c
                                                    • Instruction Fuzzy Hash: 3E51D3B1D081588AF7248B24DC547FA76B5EF94310F0881FDD18D97280DABE0FC68B66
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,00421955), ref: 00419D9A
                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,00421955), ref: 00419DA1
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00419DB7
                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00421955), ref: 00419DC6
                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 00419E04
                                                    • CloseHandle.KERNEL32(00000000), ref: 00419E13
                                                    • CloseHandle.KERNEL32(00000000), ref: 00419E24
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CloseHandle$ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                    • String ID: SeShutdownPrivilege
                                                    • API String ID: 1280518032-3733053543
                                                    • Opcode ID: da0e7d1861009587fb01dbe4e0b9d2093fea7a0ac8dcd4d1a170a0e53db07ebf
                                                    • Instruction ID: d07024e087d9fbb4da489035f39631b0ffcbbc48e9dced30be6a628d6d85d024
                                                    • Opcode Fuzzy Hash: da0e7d1861009587fb01dbe4e0b9d2093fea7a0ac8dcd4d1a170a0e53db07ebf
                                                    • Instruction Fuzzy Hash: D91130B5208300ABD314DFA4DC89B5B77E4BB88B00F80882CF54DC6290E778D8C48B5A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $>
                                                    • API String ID: 0-4162622711
                                                    • Opcode ID: 92d9eede98623f53117d376c72bc09aac5265e67f7db331a73714669efe9eeb3
                                                    • Instruction ID: ab613082dd5abe8ce957bb114a2766d0e8ed38c9df93d9e2be8208bb24206897
                                                    • Opcode Fuzzy Hash: 92d9eede98623f53117d376c72bc09aac5265e67f7db331a73714669efe9eeb3
                                                    • Instruction Fuzzy Hash: 5432C1705087419BC339DF24C950BEBB7E5FF99300F04492EE99A872A0E7789945CB5B
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,00421972), ref: 0041E100
                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,00421972), ref: 0041E107
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041E124
                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 0041E148
                                                    • GetLastError.KERNEL32 ref: 0041E14E
                                                    • ExitWindowsEx.USER32(00000001,80020003), ref: 0041E16E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                    • String ID: SeShutdownPrivilege
                                                    • API String ID: 107509674-3733053543
                                                    • Opcode ID: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                    • Instruction ID: ff8bdaaac48f1339d689247c0ac3bb4d0c15d19762690cb1fcb66aa4c131ddab
                                                    • Opcode Fuzzy Hash: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                    • Instruction Fuzzy Hash: 7301FC35644310BFE3109BA8DC49B9B7698BB44B04F40482DFD4DE6191D77499408BDA
                                                    APIs
                                                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?), ref: 0045A8C2
                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A915
                                                    • FindFirstFileW.KERNEL32(?,?,?,?,?), ref: 0045A955
                                                    • FindClose.KERNEL32(00000000,?,00000000,00000000,00000001,?,?,?), ref: 0045A9AA
                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A9CE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: DiskFreeSpace$Find$CloseFileFirst
                                                    • String ID: %c:\
                                                    • API String ID: 281833627-3142399695
                                                    • Opcode ID: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                    • Instruction ID: 5c1349d2b4a299dbbed6192556f5b370b8187b703f81d55d5c722b9a40b8fb44
                                                    • Opcode Fuzzy Hash: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                    • Instruction Fuzzy Hash: A071FBB55057019FD314DF64D988BABB7E4FF98711F008A2EE89A87390E734A848CF56
                                                    APIs
                                                    • IsIconic.USER32(?), ref: 0041F916
                                                    • SendMessageW.USER32(?,00000027,?,00000000), ref: 0041F937
                                                    • GetSystemMetrics.USER32(0000000B), ref: 0041F945
                                                    • GetSystemMetrics.USER32(0000000C), ref: 0041F94B
                                                    • GetClientRect.USER32(?,?), ref: 0041F958
                                                    • DrawIcon.USER32(?,?,?,?), ref: 0041F989
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MetricsSystem$ClientDrawIconIconicMessageRectSend
                                                    • String ID:
                                                    • API String ID: 2166663075-0
                                                    • Opcode ID: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                    • Instruction ID: c07e6ffc6c3a7e6482c06200d306031f545548e1037b46c62c472d77c4aae73d
                                                    • Opcode Fuzzy Hash: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                    • Instruction Fuzzy Hash: AE3158712086019FD324DF38C989BABB7E8FB88710F144A2EE19A93290DB74E845CB55
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00020028,?,?,?,?,?,?,?,0041A0B9,SeBackupPrivilege), ref: 00419CFD
                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,0041A0B9,SeBackupPrivilege), ref: 00419D04
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00419D1E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Process$CurrentLookupOpenPrivilegeTokenValue
                                                    • String ID:
                                                    • API String ID: 3639550587-0
                                                    • Opcode ID: 7148b218a58efe162156a67a36f4013a52d7ca8231e1dbe32e75ae0325f5605e
                                                    • Instruction ID: f3d016862a4d3342d6fd7035e13c423cea38e9027ddeccfb2464269e0ea5178e
                                                    • Opcode Fuzzy Hash: 7148b218a58efe162156a67a36f4013a52d7ca8231e1dbe32e75ae0325f5605e
                                                    • Instruction Fuzzy Hash: 73015275644301AFE314CFA5DC89B6BB7E8FB88B05F80492CF54DC2290E774D9848B56
                                                    APIs
                                                    • FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
                                                    • FindNextFileW.KERNEL32(?,00000003,?), ref: 00463410
                                                    • FindClose.KERNEL32(?), ref: 0046342D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Find$File$CloseFirstNext
                                                    • String ID: %s%s\$%s*
                                                    • API String ID: 3541575487-790581550
                                                    • Opcode ID: 299fa53831f00350431557c8593a3fc536372945f534859870c8437012aa5de1
                                                    • Instruction ID: c3493345b0c0ceefe68b50463acd725d1f8c1e028979316797af0ed8e7acec35
                                                    • Opcode Fuzzy Hash: 299fa53831f00350431557c8593a3fc536372945f534859870c8437012aa5de1
                                                    • Instruction Fuzzy Hash: BC71B5711083809FC720EF64C884A6BB7E5FB89314F444A6EF85997391E734EA45CB57
                                                    APIs
                                                    • IsDebuggerPresent.KERNEL32 ref: 00473B49
                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00473B5E
                                                    • UnhandledExceptionFilter.KERNEL32(0047CF54), ref: 00473B69
                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00473B85
                                                    • TerminateProcess.KERNEL32(00000000), ref: 00473B8C
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                    • String ID:
                                                    • API String ID: 2579439406-0
                                                    • Opcode ID: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                    • Instruction ID: 5fbb9a2fc2dc4524adccc28e56c0de5744acadb4307870d4d3e04b8eaaabc2f4
                                                    • Opcode Fuzzy Hash: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                    • Instruction Fuzzy Hash: E421E3B8828204DFC700DFA5FC856853BA4FB28329F5040BBE80D87762E77466848F5D
                                                    APIs
                                                    • GetSystemTimeAsFileTime.KERNEL32 ref: 0041C29B
                                                    • SHFormatDateTimeW.SHLWAPI(?,00000002,00000000), ref: 0041C2C8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Time$DateFileFormatSystem
                                                    • String ID: DiskDefrag\AutoDefragmention$LastDefragmention
                                                    • API String ID: 750415452-3598614746
                                                    • Opcode ID: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                    • Instruction ID: a0b1e6286b276bc7d887fd98d5a7f5957222b11053583dbd66c01ec11ac0fb83
                                                    • Opcode Fuzzy Hash: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                    • Instruction Fuzzy Hash: E4115276508701DFD300EF54DD85B9A7BE4FB48720F404A2EF156C22E1EB74A548CB56
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(?,00415169), ref: 004150B0
                                                    • LoadLibraryW.KERNEL32(?), ref: 004150C1
                                                    • GetProcAddress.KERNEL32(00000000,ImageList_Draw), ref: 004150DB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                    • String ID: ImageList_Draw
                                                    • API String ID: 310444273-2074868843
                                                    • Opcode ID: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                    • Instruction ID: 64c332f81b35f2aaac3873e7666c404af8577304093a8f0924de00557a4645c6
                                                    • Opcode Fuzzy Hash: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                    • Instruction Fuzzy Hash: 62F0D474601B01CFD7608FA9D988A43BBE4BB58715B50C82EE59AC3A00D778F480CF04
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LoadLibraryW$LoadLibraryW$LoadLibraryW$LoadLibraryW
                                                    • API String ID: 0-1670110845
                                                    • Opcode ID: aab8fdc472aab9a3169cc51abf72344f0db6f47184563740fcbca30134808f02
                                                    • Instruction ID: efe731574cad4d896ac3ea6b721f9dc4fafcc7960bc9b220c836e2de899edcf1
                                                    • Opcode Fuzzy Hash: aab8fdc472aab9a3169cc51abf72344f0db6f47184563740fcbca30134808f02
                                                    • Instruction Fuzzy Hash: 06A17CB0D0412A8FEB24CF14C890BAAB7B6BF88304F1451EAD84967341DB395ED2CF85
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 8$n$n$x
                                                    • API String ID: 0-2129689772
                                                    • Opcode ID: cf5d49bee79960da75ba283826bea3fc56815ac5982f9dc94b053dbca8dff0a6
                                                    • Instruction ID: 6a9f980fb99e2887e6dc3becfddd2017fa3a80a1bc26c04a47e2cb20138fd862
                                                    • Opcode Fuzzy Hash: cf5d49bee79960da75ba283826bea3fc56815ac5982f9dc94b053dbca8dff0a6
                                                    • Instruction Fuzzy Hash: 586139B2C112145FF724CF24DD85AEBBBB9EB84304F0181FAE409AB684D7799B85CE41
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 8$n$n$x
                                                    • API String ID: 0-2129689772
                                                    • Opcode ID: 00c1bbbdab861c34f24f8d1873eb1f5f3f0949e32d4292b2c9bd9384d181dbb3
                                                    • Instruction ID: 26f6f6ce247e176b4ede7f809465509c9fba1860c71a91f1b7e0534e89624711
                                                    • Opcode Fuzzy Hash: 00c1bbbdab861c34f24f8d1873eb1f5f3f0949e32d4292b2c9bd9384d181dbb3
                                                    • Instruction Fuzzy Hash: 565126B2C116105FF724CF24DD49AEBBB79EB84304F0181FAE409AB684D7799B85CE51
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 8$n$n$x
                                                    • API String ID: 0-2129689772
                                                    • Opcode ID: 32e316ffa5a65982d99cf04c021f6ac28b1293f0bb82d219f734eef2dd278f07
                                                    • Instruction ID: 73b8afc4c98bf0e3a97bc8091e6e7fa612acc7b1dcb653695e712d8c2df94827
                                                    • Opcode Fuzzy Hash: 32e316ffa5a65982d99cf04c021f6ac28b1293f0bb82d219f734eef2dd278f07
                                                    • Instruction Fuzzy Hash: 935137B2C112105FF724CF24DD49AEBBB79EB84304F0181FAE409AB684C7799B85CE51
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 8$n$n$x
                                                    • API String ID: 0-2129689772
                                                    • Opcode ID: dcecf5a891b30c32220375cd757518126b1fbdc8723c2bafd0cccd4ddc05d683
                                                    • Instruction ID: d55e6eea592037d02225d2076f503bbd762614f4875345c8810ff08e774373b7
                                                    • Opcode Fuzzy Hash: dcecf5a891b30c32220375cd757518126b1fbdc8723c2bafd0cccd4ddc05d683
                                                    • Instruction Fuzzy Hash: FC5138B2C112105FF724CF24DD89ADBBBB9EB84304F0581FAE409AB684D7799B85CE51
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 8<$P>N<$W
                                                    • API String ID: 0-227534669
                                                    • Opcode ID: f18c3db0a5136ddd81f2fcec0227f385df4b38acbc38ec6889e7f765485b46fc
                                                    • Instruction ID: 24cd18582b3d5efdb00246ccdd196ed826d0d1eb571e71699f1c73ad113f7726
                                                    • Opcode Fuzzy Hash: f18c3db0a5136ddd81f2fcec0227f385df4b38acbc38ec6889e7f765485b46fc
                                                    • Instruction Fuzzy Hash: DCD123B2C082648BE7218B24DC947EABB75EF55300F1490EAD44DA7281D77D1EC6CF96
                                                    APIs
                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?,?,?,00462FCF,?), ref: 00463797
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: DiskFreeSpace
                                                    • String ID: C:\
                                                    • API String ID: 1705453755-3404278061
                                                    • Opcode ID: caa803cb6983296de5ee153f39e565eadd17667fad978c7f1401b26cac8d0a89
                                                    • Instruction ID: 3d361454ac5cdfa27015c84eaa1fed5b08bb663ce5d8b65a2c27fb38a1a831b9
                                                    • Opcode Fuzzy Hash: caa803cb6983296de5ee153f39e565eadd17667fad978c7f1401b26cac8d0a89
                                                    • Instruction Fuzzy Hash: 4811C5B69087019FC354DF69D98599BB7E4BF9C700F008A2EF4AE83250E731A548CF96
                                                    APIs
                                                    • FindFirstFileW.KERNEL32(?,00000003), ref: 0046300E
                                                    • FindClose.KERNEL32(00000000), ref: 0046301E
                                                      • Part of subcall function 004631F0: FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Find$FileFirst$Close
                                                    • String ID:
                                                    • API String ID: 2810966245-0
                                                    • Opcode ID: ac525a0fc5c95755cc08b111d521eb121ac2ef7f5b05646f188b6f13116b70e9
                                                    • Instruction ID: 9b1d8f8ee81afef67cdd5002a011b417e39822a31e6c33f357b0cfbac9d9b473
                                                    • Opcode Fuzzy Hash: ac525a0fc5c95755cc08b111d521eb121ac2ef7f5b05646f188b6f13116b70e9
                                                    • Instruction Fuzzy Hash: A38161711083819FC314DF14D988AABBBE8FFD9715F000A2EF59A83291DB749948CB67
                                                    APIs
                                                    • DeviceIoControl.KERNEL32(?,00090064,00000000,00000000,?), ref: 00460093
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004600C0
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ControlDeviceUnothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID:
                                                    • API String ID: 9847766-0
                                                    • Opcode ID: 41a6657a76e6a11c21828465e7547c488e33e83233d3adc9080a9250c0d0e56d
                                                    • Instruction ID: b288529985f008a1a54ef72dbef53761962e394cc992aae83e13a0fae47ca317
                                                    • Opcode Fuzzy Hash: 41a6657a76e6a11c21828465e7547c488e33e83233d3adc9080a9250c0d0e56d
                                                    • Instruction Fuzzy Hash: 40F09CB5254B01AFD324CF55D841F53B7F9AB88B04F104A1DB68A87680D775F814CB55
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `=
                                                    • API String ID: 0-2762138152
                                                    • Opcode ID: b6e6f1d30904bbd89972e7c5541cf27078fea097c689c36a5cb6ef6dd1844168
                                                    • Instruction ID: b08322f707590d6679d8a3345288254223faeb83914a9e5506ea8f8450595ff3
                                                    • Opcode Fuzzy Hash: b6e6f1d30904bbd89972e7c5541cf27078fea097c689c36a5cb6ef6dd1844168
                                                    • Instruction Fuzzy Hash: 61D27C716083459FD720DF24C880AABB7E5BF88705F14491EF989A7312DB34ED49CB9A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: :J>@$D8IJ
                                                    • API String ID: 0-2947742432
                                                    • Opcode ID: ad5d59807253da81d39ba966d655acc77b109847e9cff3f61a67d095826015a8
                                                    • Instruction ID: 5c686077c47ff6b6d61482f354a1c1ad7c909965f53e7b67d397121a71d10f0a
                                                    • Opcode Fuzzy Hash: ad5d59807253da81d39ba966d655acc77b109847e9cff3f61a67d095826015a8
                                                    • Instruction Fuzzy Hash: C871D7B2D002659BEB28CB24CD85AEEBBB5EB95304F1581EAD40D57280D7785FC1CF41
                                                    APIs
                                                    • GetProcessHeap.KERNEL32 ref: 00474063
                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00474074
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Heap$FreeProcess
                                                    • String ID:
                                                    • API String ID: 3859560861-0
                                                    • Opcode ID: 41a9c3f869f20d536b5df22bbdb68c6f72c4f4a03b7167ff54cc11ecf120ab97
                                                    • Instruction ID: 0e5b393c9cfaccf242b34e640deb84f37198d475fe7bd5f1c49fe5a9f1fc366a
                                                    • Opcode Fuzzy Hash: 41a9c3f869f20d536b5df22bbdb68c6f72c4f4a03b7167ff54cc11ecf120ab97
                                                    • Instruction Fuzzy Hash: BDF05E716002405BD7209FA5D848FA3779C9F85350F04C12EE65D873A1DB79E881CB99
                                                    APIs
                                                    • IsIconic.USER32(?), ref: 00420B4C
                                                      • Part of subcall function 00420970: GetWindowRect.USER32(?,?), ref: 004209E6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: IconicRectWindow
                                                    • String ID:
                                                    • API String ID: 3467660236-0
                                                    • Opcode ID: 6369986c62335c2f169f127993e99def2b7867e344ea96c29496c685a54ad688
                                                    • Instruction ID: f9d6239d05f36fe70fa0ff212e7df7f15f460ae1a1a005da7839878c6ec85a4b
                                                    • Opcode Fuzzy Hash: 6369986c62335c2f169f127993e99def2b7867e344ea96c29496c685a54ad688
                                                    • Instruction Fuzzy Hash: 58E012723002348BD7319B65A444B9736E87B04788F8445EFA045C71B2D768E884C65C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: H34@
                                                    • API String ID: 0-2487174752
                                                    • Opcode ID: fe570c53f31a1030afe9cad9d45dbd6b738dd7376e5c5b4156fb77075e199094
                                                    • Instruction ID: 026f594ba801b1dfecca659df33d1d3ab421ee25666f9ac6592aaba2df954003
                                                    • Opcode Fuzzy Hash: fe570c53f31a1030afe9cad9d45dbd6b738dd7376e5c5b4156fb77075e199094
                                                    • Instruction Fuzzy Hash: 0691C6B2C046255BE728CB24CD9AAEBBB78EB94314F1441FBE40DA6690D7385FC5CE41
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: H34@
                                                    • API String ID: 0-2487174752
                                                    • Opcode ID: f251515a9720d454a48104cf0643dfcaf450d31bc686ee3744d5c59bbb945706
                                                    • Instruction ID: c8ebc5d4fb92d34b8b573a507acbb3f113d07f6f337fc38b210da5649d6d9087
                                                    • Opcode Fuzzy Hash: f251515a9720d454a48104cf0643dfcaf450d31bc686ee3744d5c59bbb945706
                                                    • Instruction Fuzzy Hash: C381B6B3D002199FEB28CA24DD86AEABB75EB94304F1581FBD40DA6680D7385FC1CE45
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: H34@
                                                    • API String ID: 0-2487174752
                                                    • Opcode ID: 0a3b7d1444c2786afc320b6bd40fbaa95e5647496f54398d8f0c62d3e331110a
                                                    • Instruction ID: f8de0b298c869ebdcac05578fe5f63c8d328130c687421969f6480e3935d22ea
                                                    • Opcode Fuzzy Hash: 0a3b7d1444c2786afc320b6bd40fbaa95e5647496f54398d8f0c62d3e331110a
                                                    • Instruction Fuzzy Hash: 9E71C672C046159FEB28CB24CD9A6EAFB78EB94304F0481FFD409A6594D7385BC5CE45
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a9124635bd56cfe93a09385ee2b2e40fc8a998750819e9b102548a7b487ed810
                                                    • Instruction ID: 8daba9e73fa2b9681ec2eca294966604e4a66c8347f70c7207db6c00a4a605dc
                                                    • Opcode Fuzzy Hash: a9124635bd56cfe93a09385ee2b2e40fc8a998750819e9b102548a7b487ed810
                                                    • Instruction Fuzzy Hash: 874229B2C002159FF728CB24DD95AEFB7B9EB94304F1481BBE80DA6684D6785BC1CE41
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cce14fc0c4e883b8836a8eb8fd5fac5dfab0ee17c596326a44e3e8e5948192f4
                                                    • Instruction ID: f626bf566af5f9221be38e3c9fa9be92d2384a358799a5f3df2d3979577deefd
                                                    • Opcode Fuzzy Hash: cce14fc0c4e883b8836a8eb8fd5fac5dfab0ee17c596326a44e3e8e5948192f4
                                                    • Instruction Fuzzy Hash: E3E16AB1D045288FEB24CB14DD90BEAB7B5EF88305F1491EAD90DA6341D7385EC68F85
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
                                                    • Instruction ID: 5f65285439b790b28c0d3b905ad07066762363c037cdec378342d8cce10f23cf
                                                    • Opcode Fuzzy Hash: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
                                                    • Instruction Fuzzy Hash: 37B129316106099FD725CF28C48AB697FA0FF45364F298A58E89ACF2E1C375E991CB40
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4e919956cf993cd2047dc58a761cbd3449845da22d714a97044375535f02d280
                                                    • Instruction ID: 96f77b5400d9455591524b4b21428f5838f757273e4db38507aa0c2d7e42ca69
                                                    • Opcode Fuzzy Hash: 4e919956cf993cd2047dc58a761cbd3449845da22d714a97044375535f02d280
                                                    • Instruction Fuzzy Hash: 78717BF2D081555AF3248624DC44EF73B79EB82314F1052BBD84E92681D67C9FC68A67
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 01e51831b4e64c9fa3ff6a9a7065ef76fef1b13936ef45c3836ae5cce04d0e12
                                                    • Instruction ID: cbfe5487369ea17fd17facb96a9910fcdcf94b0024d0a5430e4eb61f7b1dec03
                                                    • Opcode Fuzzy Hash: 01e51831b4e64c9fa3ff6a9a7065ef76fef1b13936ef45c3836ae5cce04d0e12
                                                    • Instruction Fuzzy Hash: 948122B2D042249AEB20CB55EC85BFFB775EB95314F2490BAE44966280D73C1EC1CB57
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9af4166c50d3e8b0cc14404568f4edbe1f5d8e4fe296c739c082278095c60576
                                                    • Instruction ID: b5b55e124a0bb5c595705d2559ef4c842653ab61a0daf9dc9d719fda79e42720
                                                    • Opcode Fuzzy Hash: 9af4166c50d3e8b0cc14404568f4edbe1f5d8e4fe296c739c082278095c60576
                                                    • Instruction Fuzzy Hash: 668103B2D042549EE7249B54EC95AEBB775EF89310F2041FEE80A66280E73C1EC1CF56
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1fccd0f3ad3559e5946c3875068327b33cbc76fc2978ab261209254362e42bf3
                                                    • Instruction ID: 73df923371937ae3cad58781ff8b08b80acb25353d11e100f3aa0f8058d8f783
                                                    • Opcode Fuzzy Hash: 1fccd0f3ad3559e5946c3875068327b33cbc76fc2978ab261209254362e42bf3
                                                    • Instruction Fuzzy Hash: 767129B2D082149FE7148B64EC99AEB7779EB45314F1450BEE40AA6680E63C6EC1CF53
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2391307503.0000000000567000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 88ae9bdcbc400991154dc88ed0020ef1944aeff43c58029710c0ec95881c24e6
                                                    • Instruction ID: 9f18163ae13ca591fdce8fbbf3120c1929d6dc78f87128d86927680426b21425
                                                    • Opcode Fuzzy Hash: 88ae9bdcbc400991154dc88ed0020ef1944aeff43c58029710c0ec95881c24e6
                                                    • Instruction Fuzzy Hash: 7D610FF2D05114AFF7108A24EC849FB7B79FBC1320F2482BAE84997684D6385FD68A51
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5e98f1537b4ec484029a83615924dc8289dcca8bb414f017a88546c16b0087c1
                                                    • Instruction ID: 9387c52d56b502dd33248861458b1c12392ee2df263ab2e08710c64f3ba4a726
                                                    • Opcode Fuzzy Hash: 5e98f1537b4ec484029a83615924dc8289dcca8bb414f017a88546c16b0087c1
                                                    • Instruction Fuzzy Hash: 6E71D4B2C016155FF768CA14DD96AEFB779EB44304F1481FAE80DA6284D6786FC1CE82
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5fdbf5f1f214e34c94f52c71e94d06d5dbc49d40d4ddb9617062d184feba55ac
                                                    • Instruction ID: 646790e7ea8e386043aed9b72547da26701808286266b482c31e391643ae6535
                                                    • Opcode Fuzzy Hash: 5fdbf5f1f214e34c94f52c71e94d06d5dbc49d40d4ddb9617062d184feba55ac
                                                    • Instruction Fuzzy Hash: 8A7117B2C043159FE728CF24CD95AEABBB8EB58314F0445BBE409AA280D63C5BC5CE51
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 55066c73ef36d2783bc1a0b268e2b9af25ee785272cccdd31a6ca0158415aa52
                                                    • Instruction ID: 00279acfb7fa842d1e13d94e32351fad2b17ecabfcc5db73c5f01eb7bcaba413
                                                    • Opcode Fuzzy Hash: 55066c73ef36d2783bc1a0b268e2b9af25ee785272cccdd31a6ca0158415aa52
                                                    • Instruction Fuzzy Hash: 7D6108B1C152688EEB14CF11DC80AFAB775EF84310F1491FEE84996381EA385EC6CB16
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a2afd30aee655d15a457e24ac89d52cab2685dce43e51aa16c93ec8551487313
                                                    • Instruction ID: b899bf7536bbe289452e1c74db3b079098955b95429fdbc2269a9060d59f69dc
                                                    • Opcode Fuzzy Hash: a2afd30aee655d15a457e24ac89d52cab2685dce43e51aa16c93ec8551487313
                                                    • Instruction Fuzzy Hash: B87105B2C016155FF768CA14DD96AEFB779EB84304F1481FAE40DA6284D6786BC1CE81
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 62ce7207d86b08a06b2db43c02742fd57c3c307ed444bf949188b205569a7649
                                                    • Instruction ID: 815de63aba6a0df31f0324ab3d61c1775a0f1be2713da0d6e184934fbe215842
                                                    • Opcode Fuzzy Hash: 62ce7207d86b08a06b2db43c02742fd57c3c307ed444bf949188b205569a7649
                                                    • Instruction Fuzzy Hash: 8371E2B1D082288BEB64CB14EC94AEB7775EF4A314F1451EAD80D62641D63D6EC2CF52
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 067be951eeb82b5c64671adb29418fe17f22b5c001bac1cfc317968a7ffbfe6a
                                                    • Instruction ID: 73769fe752adc173fecba53dc0e0a66b827d7f7504d98bb61cc270d647fc0f01
                                                    • Opcode Fuzzy Hash: 067be951eeb82b5c64671adb29418fe17f22b5c001bac1cfc317968a7ffbfe6a
                                                    • Instruction Fuzzy Hash: 817107B3C012195FF768CA24CD96AEFB779EB84304F1481FAD40DA6284D6786BC1CE41
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d69729cb43ead94b3f0b5774e86cee05f5d6007c0cb9a5fff07f95048f5156a6
                                                    • Instruction ID: 9d954face190fc2ffc5b0aab6d7758254aab427c2a12e3484040df9b78d69fc5
                                                    • Opcode Fuzzy Hash: d69729cb43ead94b3f0b5774e86cee05f5d6007c0cb9a5fff07f95048f5156a6
                                                    • Instruction Fuzzy Hash: 6A51F5B1D152588EE714CB21DC90AFAB775EF89310F1491FEE84997381EA385EC6CB06
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 19b9223b857f1b24df333a4f40d5fc97b849f662003ae1621d9b12d667b52e89
                                                    • Instruction ID: c9399c91bc1f194feeda29046295e732aacebcc5548babbd2976c71491146531
                                                    • Opcode Fuzzy Hash: 19b9223b857f1b24df333a4f40d5fc97b849f662003ae1621d9b12d667b52e89
                                                    • Instruction Fuzzy Hash: C451F0B2E005258FF7648A15DC51BEBB7B9EB81311F1481FBD80E56681DA3C1EC98E52
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0836d2470de13037abb70076c79756bd867e5894d54dd8fc9b01b149c37895b4
                                                    • Instruction ID: ff49bf3be6b89317333e067eb3ccc7e480e28e93334ac73c62d14b71f1616c7e
                                                    • Opcode Fuzzy Hash: 0836d2470de13037abb70076c79756bd867e5894d54dd8fc9b01b149c37895b4
                                                    • Instruction Fuzzy Hash: 5B61B4B2D051259BE728CB14DE95AEABBB5EB94304F01C2FBD40D67684D7345B81CE81
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 291757eb49997f9997dd54277974ee507baa6ffead9ac3fb2be9b7ae14eaa862
                                                    • Instruction ID: 9542270118991b9a1a0dca9f3675eb2d829e8778d79d33db6ab3697065379ea8
                                                    • Opcode Fuzzy Hash: 291757eb49997f9997dd54277974ee507baa6ffead9ac3fb2be9b7ae14eaa862
                                                    • Instruction Fuzzy Hash: 345124B2D042148FE714DB64DC95AEA7779EB49314F2450EEE80AA6680E73C6EC1CF53
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fde1525650254eb9a53f8fbd2290b7960c8f444b6732f69e6425a540f5ccbc07
                                                    • Instruction ID: bc42acbf0d765d09a8bfc041bd9edf51766f6638199ec49322e9c3040a978fd4
                                                    • Opcode Fuzzy Hash: fde1525650254eb9a53f8fbd2290b7960c8f444b6732f69e6425a540f5ccbc07
                                                    • Instruction Fuzzy Hash: 18519CB1D041298AEB248B25DD44BFAB7B5FB84310F1481FAE90EA6684D37C5EC1CF56
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a1bbc2914b03917abe5aebfe32e73b917701bc6620dde49cb77cd2bb8fe66467
                                                    • Instruction ID: 27a12994aeaa32714ef0a413fb94a7145a448f39d178c3c225a92d63ebfd53be
                                                    • Opcode Fuzzy Hash: a1bbc2914b03917abe5aebfe32e73b917701bc6620dde49cb77cd2bb8fe66467
                                                    • Instruction Fuzzy Hash: 175134B2D042149FE7148B50EC85AAF7779EB99315F2450BEE80A66280E73D1EC2CF53
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 193ee71bb4219eb56612ecd312c4419e302a5ed9f49001b7e0465b3d0f90fd54
                                                    • Instruction ID: 1e6ae11eecee1b83898ede065f6c0902e16aff3f515b9f00e4b9fb02dc7855d5
                                                    • Opcode Fuzzy Hash: 193ee71bb4219eb56612ecd312c4419e302a5ed9f49001b7e0465b3d0f90fd54
                                                    • Instruction Fuzzy Hash: 51519DB1A002058FEB25CF65D9997AEBBF0FB48350F25847AC805EB2A0D3749D84CF90
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2e10caed2046dc41e7e11909eeaafd7112c14113511b55472d0ee3c85c55eb19
                                                    • Instruction ID: c15174e7abed01efc2c33dcaeac02d7eda68e7f9dd298cd13a14a33333803f2c
                                                    • Opcode Fuzzy Hash: 2e10caed2046dc41e7e11909eeaafd7112c14113511b55472d0ee3c85c55eb19
                                                    • Instruction Fuzzy Hash: B65123B2D042149FE720CB50EC85AAB7775EB99315F2450EED80A66680E73D1EC2CF53
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fe94a5441179acec49e347065dc9519a53779fc2b38efab84cf450508c8ed598
                                                    • Instruction ID: 9fc4f54b6c3654e0452f5aa4e846e8db22521adcb14083c6b3048d35fbaaccdd
                                                    • Opcode Fuzzy Hash: fe94a5441179acec49e347065dc9519a53779fc2b38efab84cf450508c8ed598
                                                    • Instruction Fuzzy Hash: 5A4129B3C056295BE728CB24CD95AEEBBB6EB45304F1481FBD40DA62C4D6785BC1CE41
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5d236a15799000fb209312fc24bae749b7bbd6973806156f6aa40f189f69d974
                                                    • Instruction ID: 946c6e454005edeb63dca86d51b705fde2ab32d80535d7e5d3bb837813cbef57
                                                    • Opcode Fuzzy Hash: 5d236a15799000fb209312fc24bae749b7bbd6973806156f6aa40f189f69d974
                                                    • Instruction Fuzzy Hash: B941BDA6D4063A9AEB348B10DC84BFBB379EF50305F1040FADD0DA6281E63D5EC9DA55
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d6eb95aebdd0832f893845c2801e487cae1a373ae23844e6cf616ad7b7813bce
                                                    • Instruction ID: 25f691dd9f4b04871031b08211d0b3aff43497b52775273811143d25c2d92c00
                                                    • Opcode Fuzzy Hash: d6eb95aebdd0832f893845c2801e487cae1a373ae23844e6cf616ad7b7813bce
                                                    • Instruction Fuzzy Hash: 0211C933769A1007E76C843C58523AB418743E5738F298B2FA936C63E8E97DCD42515E
                                                    APIs
                                                      • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                      • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,7693AF60), ref: 0041DB8A
                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                      • Part of subcall function 0041A9B0: SHGetFileInfoW.SHELL32(%SystemRoot%,00000040,000002B4,000002B4,00004011), ref: 0041A9DA
                                                    • SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                    • LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                    • SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                    • SendMessageW.USER32(00000000,00000405,00000001,00000000), ref: 00402370
                                                      • Part of subcall function 00402590: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                    • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004023B9
                                                      • Part of subcall function 00402660: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$BitmapDriveDrivesFileInfoLoadLogicalType
                                                    • String ID: 3402003$3402041$3402043$3402046$3402047$3402048$CPUIdleTime$CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention$LastDefragmention$tG
                                                    • API String ID: 3599163918-2734650818
                                                    • Opcode ID: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                    • Instruction ID: bcfd938aa366970316b1685172ea95c37501a647d75b412e58de97171c7dff61
                                                    • Opcode Fuzzy Hash: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                    • Instruction Fuzzy Hash: A4A1D9B17503006BD710FF618D86FAE36A89F44714F10892EF60E7B2D2DABCA844875E
                                                    APIs
                                                    • GetCursorPos.USER32(00000000), ref: 0042872A
                                                    • CreatePopupMenu.USER32 ref: 00428751
                                                    • AppendMenuW.USER32(?,00000000,00008022,00000000), ref: 0042878F
                                                    • AppendMenuW.USER32(?,00000000,00008027,00000000), ref: 004287BB
                                                    • AppendMenuW.USER32(?,00000000,00008028,00000000), ref: 004287E7
                                                    • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 004287F6
                                                    • AppendMenuW.USER32(?,00000000,00008023,00000000), ref: 00428822
                                                    • AppendMenuW.USER32(?,00000000,00008024,00000000), ref: 0042884E
                                                    • AppendMenuW.USER32(?,00000000,00008025,00000000), ref: 0042887A
                                                    • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 00428889
                                                    • AppendMenuW.USER32(?,00000000,00008026,00000000), ref: 004288B5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Menu$Append$CreateCursorPopup
                                                    • String ID: 10021$3401032$3401033$3401086$3401099$3401127$3401128
                                                    • API String ID: 2468982102-1766060818
                                                    • Opcode ID: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                    • Instruction ID: 3f46f92896953761dbd981ebaed820fc3143a3776dcc1953a56c74fff761f47c
                                                    • Opcode Fuzzy Hash: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                    • Instruction Fuzzy Hash: C9319DF5BD030076D2A066A58D57F9A76A99F84F00F31C80BB74E769C1CAECB4045BAD
                                                    APIs
                                                    • GetComboBoxInfo.USER32 ref: 00416520
                                                    • CreateCompatibleDC.GDI32(?), ref: 0041654D
                                                    • GetMapMode.GDI32(?,00000000), ref: 00416561
                                                    • GetClientRect.USER32(?,?), ref: 0041658E
                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 004165AA
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004165D5
                                                    • OpenThemeData.UXTHEME(?,COMBOBOX,?,00FFFFFF,00000000,00000000), ref: 00416607
                                                    • DrawThemeBackground.UXTHEME(00000000,?,00000005,00000003,?,00000000), ref: 00416652
                                                    • DrawThemeBackground.UXTHEME(00000000,?,00000001,00000001,?,00000000), ref: 0041666C
                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00416673
                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0041668C
                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004166A3
                                                    • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004167D1
                                                      • Part of subcall function 00416DD0: CopyRect.USER32(?,?), ref: 00416E1C
                                                    • FrameRect.USER32(?,?,00000000), ref: 0041681A
                                                    • CopyRect.USER32(?,?), ref: 0041683E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: RectTheme$MessageSend$BackgroundCompatibleCopyCreateDataDraw$BitmapClientCloseComboFrameInfoModeOpen
                                                    • String ID: 4$COMBOBOX
                                                    • API String ID: 3327461832-2064896087
                                                    • Opcode ID: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                    • Instruction ID: 20267cedc47a1196732836afe1a8f8ceed4fa11fcf58e3e8436092e3fc6905d6
                                                    • Opcode Fuzzy Hash: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                    • Instruction Fuzzy Hash: 5BC138B1508300AFD314DF65C985FABB7E8BF88704F008A1EF58997291DB74E944CB96
                                                    APIs
                                                    • SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                    • SendMessageW.USER32(?,0000101E,00000001,0000FFFE), ref: 00432329
                                                    • SendMessageW.USER32(?,00000143,00000000,?), ref: 00432523
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402006$3402028$3402029$3402030$3402031$3402032$3402033$3402034$3402035$3402036$3402037$`=
                                                    • API String ID: 3850602802-2611688555
                                                    • Opcode ID: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                    • Instruction ID: 1f5745e592a7c845df3e12826af7c739e18eef66d9bd278cacb692334ad6c886
                                                    • Opcode Fuzzy Hash: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                    • Instruction Fuzzy Hash: B1A194B0B50301ABD310AF658D82FAE73A5AF48B04F10491FFA5EB76D1D7A8BD00965D
                                                    APIs
                                                    • CreateSolidBrush.GDI32(?), ref: 0041A2A5
                                                      • Part of subcall function 0041A7B0: CloseHandle.KERNEL32(?,0041A113), ref: 0041A7BB
                                                      • Part of subcall function 0041A770: CreateMutexW.KERNEL32(00000000,00000000,{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}), ref: 0041A782
                                                    • EnumWindows.USER32 ref: 0041A2F2
                                                    • IsWindow.USER32(?), ref: 0041A2FD
                                                    • SetForegroundWindow.USER32(?), ref: 0041A310
                                                    • EnumWindows.USER32(Function_00019F90,?), ref: 0041A34F
                                                    • IsWindow.USER32(?), ref: 0041A35A
                                                    • SendMessageW.USER32(?,0000108E,00000000,00000000), ref: 0041A372
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Window$CreateEnumWindows$BrushCloseForegroundHandleMessageMutexSendSolid
                                                    • String ID: -BootTimeDefrag$8<$DiskDefrag$Foucs_Color$Frame_Color$Mid_Back_Color$Select_Color$Text_Color$Window
                                                    • API String ID: 2433303760-2309799116
                                                    • Opcode ID: d6854c7e6291e1b39e86979be8b967f7d0611a7566291a32060de897da06fb10
                                                    • Instruction ID: 9fe1ff023ffd13c005f793ce9add20bfadde0b2b9dc18c99357dbdc95238beea
                                                    • Opcode Fuzzy Hash: d6854c7e6291e1b39e86979be8b967f7d0611a7566291a32060de897da06fb10
                                                    • Instruction Fuzzy Hash: 45417470654340BBD710BB608C86FAF76A4AF44704F10482EF559A22C1DBB9A5588B6B
                                                    APIs
                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 0040AEFA
                                                    • MulDiv.KERNEL32(?,?,00000048), ref: 0040AF5E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Object
                                                    • String ID: CharSet$ClipPrecision$Escapement$Italic$Name$Orientation$OutPrecision$PitchAndFamily$Quality$Size$StrikeOut$Underline$Weight
                                                    • API String ID: 2936123098-848768055
                                                    • Opcode ID: 581e2151a43bffb8372fa4f7334b51b32000fb86fe427fbed1d6e470a93a997b
                                                    • Instruction ID: 678cc5ad66024a4e3a2d6689a74d43ebfb952ff3fe0b92c748617c9598e0b8bb
                                                    • Opcode Fuzzy Hash: 581e2151a43bffb8372fa4f7334b51b32000fb86fe427fbed1d6e470a93a997b
                                                    • Instruction Fuzzy Hash: 2E021371508740DFD360DF61C984B5BB7F9EB88304F108A2EF98A87291D778A944CFA6
                                                    APIs
                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 004217C5
                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0042187C
                                                    • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 00421890
                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004218A6
                                                    • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 004218BC
                                                      • Part of subcall function 00421580: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,?,004217B6,?,7376EA83), ref: 004215AC
                                                    • GetTickCount.KERNEL32 ref: 004218F0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$CountRedrawTickWindow
                                                    • String ID: 3401097$ScheduleStart$`=
                                                    • API String ID: 1016491994-4255795148
                                                    • Opcode ID: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                    • Instruction ID: a2f7d2ab4a79c621e2b3341a28b2bdd177a5bb8c7450e01432b01053e343f094
                                                    • Opcode Fuzzy Hash: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                    • Instruction Fuzzy Hash: 2FB117717003119BC720EF64DCC5FAA77A5AF94710F50493EF9099B2E1DB78A844CBAA
                                                    APIs
                                                    • GdipGetImagePixelFormat.GDIPLUS(?,?), ref: 00401593
                                                    • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 004015F2
                                                    • GdipGetImageWidth.GDIPLUS(?,?,?,?,?,?), ref: 00401613
                                                    • GdipGetImagePaletteSize.GDIPLUS(?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040165A
                                                    • GdipGetImagePalette.GDIPLUS(?,00000008,?,80070057,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 004016CF
                                                    • GdipBitmapLockBits.GDIPLUS(?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040177B
                                                    • GdipBitmapUnlockBits.GDIPLUS(?,?,?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?), ref: 004017F1
                                                    • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00401817
                                                    • GdipGetImageGraphicsContext.GDIPLUS(?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?), ref: 0040182D
                                                    • GdipDrawImageI.GDIPLUS(00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?), ref: 00401840
                                                    • GdipDeleteGraphics.GDIPLUS(00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?), ref: 00401846
                                                    • GdipDisposeImage.GDIPLUS(?,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?), ref: 0040184C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Gdip$Image$Bitmap$BitsGraphicsPalette$ContextCreateDeleteDisposeDrawFormatFromHeightLockPixelScan0SizeUnlockWidth
                                                    • String ID: &$>=
                                                    • API String ID: 1279047860-1654677323
                                                    • Opcode ID: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                    • Instruction ID: 8a788743ff85fe53078408617ba339fa43619964413e8471535d34c3641ef31a
                                                    • Opcode Fuzzy Hash: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                    • Instruction Fuzzy Hash: 66A175B1E002059FDB14DF95D881AAFB7B5EF88304F14852EE919BB351D738E941CBA8
                                                    APIs
                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000000,00000328,?,00000000), ref: 00453F69
                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00453FDE
                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00454016
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328,00000000,00000000), ref: 00454026
                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00454057
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 00454066
                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?), ref: 00454071
                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 004540A7
                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 004540D7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle$ControlDeviceErrorLast$CreateDiskFileFreeSpace
                                                    • String ID: C:\$\\.\C:
                                                    • API String ID: 4273481478-2866759028
                                                    • Opcode ID: 34a5edf5a5058048d5bcc646d78f8edc09eed289d58a581d59fe32c4679fd1ad
                                                    • Instruction ID: dcbbcf768856184cb3fb00598b231148ced9fb8d52ef67d3d26bd90cee913ac4
                                                    • Opcode Fuzzy Hash: 34a5edf5a5058048d5bcc646d78f8edc09eed289d58a581d59fe32c4679fd1ad
                                                    • Instruction Fuzzy Hash: CA616C72608300AFC310DF69D88196BF7E4FFD8711F804A2EF55987291EB759848CB96
                                                    APIs
                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00453C29
                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00453C9B
                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00453CD3
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0045B451), ref: 00453CE3
                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00453D14
                                                    • GetLastError.KERNEL32 ref: 00453D23
                                                    • CloseHandle.KERNEL32(00000000), ref: 00453D2E
                                                    • CloseHandle.KERNEL32(00000000), ref: 00453D64
                                                    • CloseHandle.KERNEL32(00000000), ref: 00453D94
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle$ControlDeviceErrorLast$CreateDiskFileFreeSpace
                                                    • String ID: C:\$\\.\C:
                                                    • API String ID: 4273481478-2866759028
                                                    • Opcode ID: f228107344c7f80b23727888f3ccfa0318b04976a6bc281055e8ce1e817f9b41
                                                    • Instruction ID: 4e319efc0b140ea32d15ab3920dd7af36ea307e7c4a1d425a09acf6eef36fbe0
                                                    • Opcode Fuzzy Hash: f228107344c7f80b23727888f3ccfa0318b04976a6bc281055e8ce1e817f9b41
                                                    • Instruction Fuzzy Hash: D9617BB2608300AFC314DF69DC8196BF7F4EFD8751F804A2EF55983251E77599088B9A
                                                    APIs
                                                    • IsWindow.USER32(004216E9), ref: 00422459
                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 004224AE
                                                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 004224E0
                                                    • SetTimer.USER32(004216E9,00000001,000003E8,00000000), ref: 0042250F
                                                    • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00422558
                                                    • SendMessageW.USER32(?,00000401,00008013,00000000), ref: 0042256D
                                                    • SendMessageW.USER32(?,00000401,00008007,00000000), ref: 00422582
                                                    • SendMessageW.USER32(?,00000401,0000800C,00000000), ref: 00422597
                                                    • SetTimer.USER32(004216E9,00000064,00000064,00000000), ref: 004225A3
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Timer$Window
                                                    • String ID:
                                                    • API String ID: 389327760-0
                                                    • Opcode ID: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                    • Instruction ID: a9acc03ce2714c2a1218ac3b36ef8cf29172f02598394e016a1efff805efb144
                                                    • Opcode Fuzzy Hash: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                    • Instruction Fuzzy Hash: 7C516170390B00ABE624EB75CC82FD6B395AF44B04F40851DB359AB2D1CBF6B8418B48
                                                    APIs
                                                    • CopyRect.USER32(?,?), ref: 0040ED30
                                                    • CreateCompatibleDC.GDI32(?), ref: 0040EDD3
                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EDF9
                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 0040EE67
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040EE77
                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0040EEEE
                                                    • CopyRect.USER32(?,?), ref: 0040EF77
                                                    • SetRect.USER32(?,?,?,?,?), ref: 0040EFD9
                                                    • SetRect.USER32(?,?,?,?,?), ref: 0040F00C
                                                    • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0040F073
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Rect$CompatibleCopyCreateMessageSend$Bitmap
                                                    • String ID:
                                                    • API String ID: 2897418849-3916222277
                                                    • Opcode ID: 918371f1e30a1611824c586b15503814f3483ab0998594baaaceeb4de49a5514
                                                    • Instruction ID: af6e71f7250828e30cc2f680655b832ce69016c02ffdd7eabd90966ae28b2504
                                                    • Opcode Fuzzy Hash: 918371f1e30a1611824c586b15503814f3483ab0998594baaaceeb4de49a5514
                                                    • Instruction Fuzzy Hash: 5FC1F3B11083419FC324CF69C984B6BBBE9FF88704F108A2EF59993290DB74E945CB56
                                                    APIs
                                                    • LoadMenuW.USER32(00000000), ref: 00425C5A
                                                    • GetSubMenu.USER32(?,00000003), ref: 00425C85
                                                    • CheckMenuItem.USER32(?,00008029,00000008), ref: 00425DAB
                                                    • GetWindowRect.USER32(?,00000088), ref: 00425DBD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Menu$CheckItemLoadRectWindow
                                                    • String ID: 1003007$1003008$1003009$1003010$3401095$DefragFinish$DiskDefrag
                                                    • API String ID: 64815558-1687404023
                                                    • Opcode ID: 182fb5aa05407dff1fb33d3373427549e83ff2224f272dee2797ef27b0f06224
                                                    • Instruction ID: 4418ca87599e6f793fb4d10bf028e48e6936bb9db45e74f47fa123fcf7e21ce3
                                                    • Opcode Fuzzy Hash: 182fb5aa05407dff1fb33d3373427549e83ff2224f272dee2797ef27b0f06224
                                                    • Instruction Fuzzy Hash: 2151CAB1794701BAE350AB609C47FAB7268AB84B14F10C91FB75EB65C0CEFCA405875D
                                                    APIs
                                                    • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004159AA
                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00415AB2
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402005$3402065$3402067$3402068$3402069$3402070$3402071$3402072$3402084
                                                    • API String ID: 3850602802-328498535
                                                    • Opcode ID: 19e8cdb6f5ee6091fff7530154948aa3e76a5209e14532d290abc9f16ea37a07
                                                    • Instruction ID: 1067327c746e147da740696a904bc1cbb70a89f86cbb7c2e495eb833b01c89ea
                                                    • Opcode Fuzzy Hash: 19e8cdb6f5ee6091fff7530154948aa3e76a5209e14532d290abc9f16ea37a07
                                                    • Instruction Fuzzy Hash: 36413CF0B907407AD260AF618D43FEA3268AF84F04F60C42FB70E765D1CAEC6905969D
                                                    APIs
                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 00417F45
                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 00417F5B
                                                    • SendMessageW.USER32(0047D9D0,00001001,00000000,?), ref: 0041804D
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3401074$3401075$3401076$3401077$8<$DiskDefrag$Mid_Back_Color$Window
                                                    • API String ID: 3850602802-2758692112
                                                    • Opcode ID: a8722d59c07b94f6922f7548e3e672599eeab7783c23535719575370a0de5a5f
                                                    • Instruction ID: 56ac88722a8962ac1f975558d68bc042bced7a88e006b99efbc398d4c5261ff8
                                                    • Opcode Fuzzy Hash: a8722d59c07b94f6922f7548e3e672599eeab7783c23535719575370a0de5a5f
                                                    • Instruction Fuzzy Hash: B23156B07903007AE274EB258C83FEA72659F44B14F20452FB71E762D1CEF97844565C
                                                    APIs
                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 0042C6CB
                                                      • Part of subcall function 0042D010: SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042D041
                                                    Strings
                                                    Similarity
                                                    • API ID: InvalidateMessageRectSend
                                                    • String ID: 3401007$3401034$3401035$8<$DiskDefrag$Frame_Color$Mid_Back_Color$Text_Color$Window$Window_Back_Gray_Color
                                                    • API String ID: 909852535-1675042175
                                                    • Opcode ID: 52757a301fae08faaa59b090e491993efb51acdf8729a0a5be35b6fc276aefa4
                                                    • Instruction ID: 43899c4dce7d941302b132538349e8bcafe351e88f225ab48a7149cde0acca41
                                                    • Opcode Fuzzy Hash: 52757a301fae08faaa59b090e491993efb51acdf8729a0a5be35b6fc276aefa4
                                                    • Instruction Fuzzy Hash: BD316F707907017BD260BAB58C43FEA76A4AF84B04F20891BB65EB75C1CAF874419B9C
                                                    APIs
                                                    • CoInitialize.OLE32(00000000), ref: 00451CBB
                                                    • CoCreateInstance.OLE32(0047D360,00000000,00000001,0047D170,?), ref: 00451CDF
                                                    • VariantInit.OLEAUT32(?), ref: 00451CF8
                                                    • VariantInit.OLEAUT32(?), ref: 00451D24
                                                    • VariantInit.OLEAUT32(?), ref: 00451D4B
                                                    • VariantInit.OLEAUT32(?), ref: 00451D72
                                                    • VariantClear.OLEAUT32(?), ref: 00451E17
                                                    • VariantClear.OLEAUT32(?), ref: 00451E1E
                                                    • VariantClear.OLEAUT32(?), ref: 00451E25
                                                    • VariantClear.OLEAUT32 ref: 00451E37
                                                    • SysAllocString.OLEAUT32(0047EF4C), ref: 00451E69
                                                    • SysFreeString.OLEAUT32(00000000), ref: 00451EA8
                                                    Similarity
                                                    • API ID: Variant$ClearInit$String$AllocCreateFreeInitializeInstance
                                                    • String ID:
                                                    • API String ID: 162617764-0
                                                    • Opcode ID: 60d459dc24a125815d5dafe60fd6d4b8e488a7a08734036bff8a68fe5d906ce4
                                                    • Instruction ID: 4a3acebe906db87488b43d3aef87afcda0e18f97818647458927d115f12b3f92
                                                    • Opcode Fuzzy Hash: 60d459dc24a125815d5dafe60fd6d4b8e488a7a08734036bff8a68fe5d906ce4
                                                    • Instruction Fuzzy Hash: 08712875A183509FC310CF68C844A5ABBE8FF89B20F158A5EF99897360D775E804CF92
                                                    APIs
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042FE87
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,7376EA83,?,?), ref: 00426E01
                                                      • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 0042FF25
                                                    • SendMessageW.USER32(?,000083FE,?,?), ref: 0042FF79
                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 0042FFF3
                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00430097
                                                      • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                    • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 0043015F
                                                      • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                    • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00430211
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                    • String ID: /e,/select,"%s%s"$explorer.exe$open
                                                    • API String ID: 206244367-2061274879
                                                    • Opcode ID: 91b799c5c29bacec4ab38221025e1244b966e820090f97b19e20c9fa35e543cc
                                                    • Instruction ID: 62bdf63df222c89057064cae7919c1e413492940edc838130925d2253cd5f780
                                                    • Opcode Fuzzy Hash: 91b799c5c29bacec4ab38221025e1244b966e820090f97b19e20c9fa35e543cc
                                                    • Instruction Fuzzy Hash: 80C1E5312043008BC710EF24D995B9BB7E5BF88704F500A7EF9499B296DB74ED49CB9A
                                                    APIs
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040FD1F
                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 0040FD37
                                                    • GetClientRect.USER32(?,?), ref: 0040FD46
                                                    • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040FDC3
                                                    • GetCursorPos.USER32(?), ref: 0040FE29
                                                    • ScreenToClient.USER32(?,?), ref: 0040FE38
                                                    • SendMessageW.USER32(?,0000120F,?,00000000), ref: 0040FE6C
                                                    • SendMessageW.USER32(?,0000120B,00000000,?), ref: 0040FE82
                                                    • RectVisible.GDI32(?,?), ref: 0040FEAC
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageSend$ClientRect$CursorObjectScreenVisible
                                                    • String ID: d
                                                    • API String ID: 883400287-2564639436
                                                    • Opcode ID: e58942ff4a5daa3b07d53de4812bd48be39c791cdb0435b4f276cefe3218f9a6
                                                    • Instruction ID: e57791d17a927b35fa3e7b028ca1617c0da729b9688da5cd3a54cba97037c013
                                                    • Opcode Fuzzy Hash: e58942ff4a5daa3b07d53de4812bd48be39c791cdb0435b4f276cefe3218f9a6
                                                    • Instruction Fuzzy Hash: CB8119B11083819FD325DF65C984F9BB7E8FF88704F004A2DF58997291EB74A944CB96
                                                    APIs
                                                    • GetClientRect.USER32(?,?), ref: 0042DA84
                                                    • CreateCompatibleDC.GDI32(?), ref: 0042DAAE
                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0042DAD4
                                                    • SelectObject.GDI32(?,?), ref: 0042DAF2
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0042DB00
                                                    • FillRect.USER32(?,?,?), ref: 0042DB38
                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0042DBBE
                                                    Strings
                                                    • DiskDefrag\Setting Option\Gereral\DefragColor, xrefs: 0042DA43
                                                    • ColorIndex, xrefs: 0042DA3E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CompatibleCreateRect$BitmapClientFillMessageObjectSelectSend
                                                    • String ID: ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                    • API String ID: 24576784-1631410767
                                                    • Opcode ID: 413f7938cfa32640085c5d27a34cebb069bf0ab9b2ff2f1bc307b4aa97a93b27
                                                    • Instruction ID: 821a5ab27c6a8f9e6b02cc0ac72b1b3995420b0d805852c9f35119affff3cd9f
                                                    • Opcode Fuzzy Hash: 413f7938cfa32640085c5d27a34cebb069bf0ab9b2ff2f1bc307b4aa97a93b27
                                                    • Instruction Fuzzy Hash: F2617EB1608340AFC304DF68D884E5BB7E8FF88714F408A2EF59997291DB74E944CB96
                                                    APIs
                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00456B14
                                                      • Part of subcall function 00454290: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00454306
                                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 00456B57
                                                    • CloseHandle.KERNEL32 ref: 00456B7E
                                                    • CloseHandle.KERNEL32 ref: 00456BA5
                                                    • CloseHandle.KERNEL32(?,?,?,00000000,00000000), ref: 00456BD6
                                                    • CloseHandle.KERNEL32(?,?,?,00000001,00000000), ref: 00456C07
                                                    • CloseHandle.KERNEL32(?,?,?,00000001,00000001), ref: 00456C38
                                                    • CloseHandle.KERNEL32(00000000), ref: 00456C5F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle$CreateFileUnothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: \\.\C:
                                                    • API String ID: 1066634676-259948872
                                                    • Opcode ID: 39a1f70db7202d3b1c3ce52b526e9e0b0aae69084ae2661cf5f3dced9512c8e9
                                                    • Instruction ID: 9c2aacaccead671dbc3a96f70d0e1eab3c71fbf61e1a23b3dd7d7caf89dd1f7c
                                                    • Opcode Fuzzy Hash: 39a1f70db7202d3b1c3ce52b526e9e0b0aae69084ae2661cf5f3dced9512c8e9
                                                    • Instruction Fuzzy Hash: C75109377043006BD214AF69AC86BAEB394EF9C725F80013FF509D3282DA255548C7AB
                                                    APIs
                                                    • LoadMenuW.USER32(00000000), ref: 004228FF
                                                    • GetSubMenu.USER32(?,00000000), ref: 0042292A
                                                    • GetCursorPos.USER32(00000088), ref: 00422945
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Menu$CursorLoad
                                                    • String ID: 3401032$3401033$3401086$3401087$3401088$[SSD]
                                                    • API String ID: 3043871728-3947735280
                                                    • Opcode ID: 12aba4a97e714f3a74ed8847fff63567ff0577a5bbd9ac9787f27e08b8126eff
                                                    • Instruction ID: c9e3dbd840687df198e490246c1b34f6b1a62d60348da21d10426e52b8988a23
                                                    • Opcode Fuzzy Hash: 12aba4a97e714f3a74ed8847fff63567ff0577a5bbd9ac9787f27e08b8126eff
                                                    • Instruction Fuzzy Hash: 1B4196F17543006AD764EB64DC42F9F72A8AF84B10F20C91FB65EA26C0CEBC640547AD
                                                    APIs
                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0042EAE3
                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0042EAF7
                                                    • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 0042EB36
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402007$3402033$3402037$3402038$3402039$3402040
                                                    • API String ID: 3850602802-3173017236
                                                    • Opcode ID: 6cbccfbbc1fd63c8a78153f1b809b30710d94fdfea326ecc7c254d81bae311d8
                                                    • Instruction ID: f302c9e8cacf912969436f53e573b816ab0f893bb8e7c3a9347613e7e3a9d812
                                                    • Opcode Fuzzy Hash: 6cbccfbbc1fd63c8a78153f1b809b30710d94fdfea326ecc7c254d81bae311d8
                                                    • Instruction Fuzzy Hash: 0021D7F0BE074035E6B5BA614D43FEE21295F84F49F20880BB75E7A9C2CADC3941629D
                                                    APIs
                                                    • SysFreeString.OLEAUT32(00000000), ref: 0045382E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: FreeString
                                                    • String ID:
                                                    • API String ID: 3341692771-0
                                                    • Opcode ID: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                    • Instruction ID: be2023aef89e17b54fd3cfd96c880170c5f98da2cba37ae09b4ebda1ed5f38f7
                                                    • Opcode Fuzzy Hash: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                    • Instruction Fuzzy Hash: 79C1F4B56083448FC310DF69C884A5BFBE9BFC9714F148A5EE9888B361C775E905CB92
                                                    APIs
                                                    • SendMessageW.USER32 ref: 0040F806
                                                    • SendMessageW.USER32(?,00001215,00000000,00000000), ref: 0040F82F
                                                    • CopyRect.USER32(?,?), ref: 0040F845
                                                    • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040F876
                                                    • GetClientRect.USER32(?,?), ref: 0040F88B
                                                      • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F0C
                                                      • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F1E
                                                    • SendMessageW.USER32(?,00001209,00000000,00000000), ref: 0040F9EE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageRectSend$Copy$Client
                                                    • String ID: $6
                                                    • API String ID: 201260696-4183747533
                                                    • Opcode ID: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                    • Instruction ID: 8b216fbeb9dde18344444fa578b156f2309188772abd6b45e307a88af5c25f20
                                                    • Opcode Fuzzy Hash: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                    • Instruction Fuzzy Hash: C4E141B15083429FD320DF25C580A9BFBE9FF88704F004A2EF49997381D778A949CB96
                                                    APIs
                                                    • type_info::operator==.LIBVCRUNTIME ref: 005045EA
                                                    • ___TypeMatch.LIBVCRUNTIME ref: 005046F8
                                                    • CatchIt.LIBVCRUNTIME ref: 00504749
                                                    • _UnwindNestedFrames.LIBCMT ref: 0050484A
                                                    • CallUnexpected.LIBVCRUNTIME ref: 00504865
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 4119006552-393685449
                                                    • Opcode ID: c26d24f4e50278c58a792160a0fe842b52be49f4b5b866d5d94dbe513e171f49
                                                    • Instruction ID: 5dd21464bb712edaca5d39657731a3d44e727a7ea374a4dbe15693b69206165e
                                                    • Opcode Fuzzy Hash: c26d24f4e50278c58a792160a0fe842b52be49f4b5b866d5d94dbe513e171f49
                                                    • Instruction Fuzzy Hash: 18B1ADB180020AEFCF14DFA4C8859AEBFB5FF45310F14855AEA156B292D331DA61CF91
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CopyRect
                                                    • String ID: Bottom$Left$Margin$Right$Top$`=$=
                                                    • API String ID: 1989077687-1885521073
                                                    • Opcode ID: e266b93fc17dab845a5d8460d54d26b403d0d269895f540772a95358242b67c3
                                                    • Instruction ID: 7cbf7df4fec77659c91c3afac7ac99305081f53a3d300e0ff47080e44fb4b669
                                                    • Opcode Fuzzy Hash: e266b93fc17dab845a5d8460d54d26b403d0d269895f540772a95358242b67c3
                                                    • Instruction Fuzzy Hash: 0EB166766043419FC310DF28C881B5BB7E8FB98704F148A2EF58A97391DB75E944CB9A
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,7376EA83,?,?), ref: 00426E01
                                                    • SendMessageW.USER32(?,0000102F,00000000,00000000), ref: 004187CD
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004187EF
                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0041899B
                                                    • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 004189AF
                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004189C5
                                                    • SendMessageW.USER32(?,00001015,00000000,?), ref: 004189DB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend$CriticalEnterSection
                                                    • String ID: %.2f%%$%I64u
                                                    • API String ID: 2245208738-2288124401
                                                    • Opcode ID: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                    • Instruction ID: e1e33ad56b98f5e84924c458d64c7c6c02eb77d82da0e984fc61a5a5d3d1ca0d
                                                    • Opcode Fuzzy Hash: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                    • Instruction Fuzzy Hash: 9EA16E71304201AFD368EB24CD85FAFB7B9AF88704F40491EF64697291DBB4AC45CB5A
                                                    APIs
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00418B07
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,7376EA83,?,?), ref: 00426E01
                                                      • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00418BA8
                                                    • SendMessageW.USER32(?,000083FE,?,?), ref: 00418BF6
                                                      • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                    • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 00418C9F
                                                      • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                    • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00418D51
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                    • String ID: /e,/select,"%s%s"$explorer.exe$open
                                                    • API String ID: 206244367-2061274879
                                                    • Opcode ID: f877a975dfb8fd7e3335437b9cdf50eff5a36e5d2e8446bffb34177b6d077c25
                                                    • Instruction ID: 9e016845d88e4024dd1218f79a327356caeee79904b42a6c0a28c628b7da3379
                                                    • Opcode Fuzzy Hash: f877a975dfb8fd7e3335437b9cdf50eff5a36e5d2e8446bffb34177b6d077c25
                                                    • Instruction Fuzzy Hash: 2691E0712047009BD710EF24DD85FDAB7E5BF98704F00092EF945AB286DB78E945CBAA
                                                    APIs
                                                    • SendMessageW.USER32(?,0000133D,00000000,00000001), ref: 0042CE5B
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,?,7376EA83,?,?,?,?,?,?,?,?,?,004217B6), ref: 0042CEBD
                                                    • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042CEF4
                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042CF49
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend$RedrawWindow
                                                    • String ID: %s (%c:)$%s (%s)$3401034$3401126
                                                    • API String ID: 648961319-3732436656
                                                    • Opcode ID: e1afdf9b5f9a6a0a3f1bdb0e24b03c0913b1775ab901b2b3f138c93be5904649
                                                    • Instruction ID: fd74af85edc4f78d52bbe53b36b76dc0b3b7e67d0ab5ffb778a9a62391dde0ea
                                                    • Opcode Fuzzy Hash: e1afdf9b5f9a6a0a3f1bdb0e24b03c0913b1775ab901b2b3f138c93be5904649
                                                    • Instruction Fuzzy Hash: 0E718D716043409FD324DF64DD85FABBBF4EF88700F10492EFA5A96290DBB4A944CB5A
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                    • GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                    • QueryPerformanceFrequency.KERNEL32(00497F28), ref: 00419C49
                                                    • QueryPerformanceCounter.KERNEL32(00497F30), ref: 00419C54
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00419C70
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00419C9C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: PerformanceQuery$Counter$AddressFrequencyHandleModuleProcUnothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: NtQuerySystemInformation$ntdll
                                                    • API String ID: 3025674679-3593917365
                                                    • Opcode ID: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                    • Instruction ID: d06557f50192d5db3270ba6b6212bac26de826900838c4c68c4281c4e513f8d9
                                                    • Opcode Fuzzy Hash: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                    • Instruction Fuzzy Hash: AF518F71B1C301ABD7149F11FD55AAA37E4FB98780F108C3EE585A2268FB3499418BDD
                                                    APIs
                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042CAB6
                                                    • IsWindowVisible.USER32(?), ref: 0042CAE7
                                                    • GetParent.USER32(?), ref: 0042CB0D
                                                    • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB22
                                                    • IsWindowVisible.USER32(?), ref: 0042CB35
                                                    • GetParent.USER32(?), ref: 0042CB43
                                                    • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB58
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend$NotifyParentVisibleWindow
                                                    • String ID: `=
                                                    • API String ID: 2910063261-2762138152
                                                    • Opcode ID: a16c229816da6b7cf5f0a28e1e2d3aecd927b3af40c0253dbdebf6034a51f9bf
                                                    • Instruction ID: cbd818397c052fadd252f380dd8efe1df66f27c17fa2dba641e1c387511c7e9b
                                                    • Opcode Fuzzy Hash: a16c229816da6b7cf5f0a28e1e2d3aecd927b3af40c0253dbdebf6034a51f9bf
                                                    • Instruction Fuzzy Hash: B0511030764700ABE224EF31DDD6FEA7394BB50B04F90842EB25F9A1D19FA47944CB99
                                                    APIs
                                                    • SendMessageW.USER32(?,00000172,00000000,?), ref: 004027B1
                                                    • SendMessageW.USER32(?,00000172,00000000,?), ref: 00402863
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402041$3402042$DiskDefrag$Images$close$open
                                                    • API String ID: 3850602802-3786962624
                                                    • Opcode ID: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                    • Instruction ID: 8150cbd10707325bb4a07bc8764e9056bc1ba0aa629cfab9f1adae748ae802a6
                                                    • Opcode Fuzzy Hash: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                    • Instruction Fuzzy Hash: F8319EB579020027D61576254EA6FBE21661FC4B48F25C22FB30E7B3C2DEED9C41429E
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ActiveMessageWindow
                                                    • String ID: 3400001$3400101$3401090$rY
                                                    • API String ID: 3610105657-3605576623
                                                    • Opcode ID: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                    • Instruction ID: 7aa1b3021184ad304fb6d47c852e9f0d985907e1382866191d812cb31a89d144
                                                    • Opcode Fuzzy Hash: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                    • Instruction Fuzzy Hash: 872179F0A50301BBD7106BB49C4AB9A31A8AF54701F50C82BB50EE1550D7BCA8449B6D
                                                    APIs
                                                    • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00416BBB
                                                    • GetCursorPos.USER32(?), ref: 00416BCF
                                                    • ScreenToClient.USER32(?,?), ref: 00416BDE
                                                    • SendMessageW.USER32(?,00000198,00000000,?), ref: 00416BFF
                                                    • PtInRect.USER32(?,?,?), ref: 00416C10
                                                    • SendMessageW.USER32(?,00000198,?,?), ref: 00416C74
                                                    • InvalidateRect.USER32(?,?,00000001), ref: 00416C87
                                                    • PtInRect.USER32(?,?,?), ref: 00416C98
                                                    • InvalidateRect.USER32(?), ref: 00416CC7
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Rect$MessageSend$Invalidate$ClientCursorScreen
                                                    • String ID:
                                                    • API String ID: 2454936240-0
                                                    • Opcode ID: 41846961993d4e238d2a253bad1eeefc775d047419a5e1f45b38c98fcc342d77
                                                    • Instruction ID: e3b87b86549111153a689a6de42a5e443b1792048b086b4c3e38e8d95830a062
                                                    • Opcode Fuzzy Hash: 41846961993d4e238d2a253bad1eeefc775d047419a5e1f45b38c98fcc342d77
                                                    • Instruction Fuzzy Hash: B3413BB1208301AFC310DF65D884EABB7E9FBC8710F004A2EF59987250E775E945CBA6
                                                    APIs
                                                    • CopyRect.USER32(?,?), ref: 004318DA
                                                    • FrameRect.USER32(?,?,00000000), ref: 004319AA
                                                    • CreateCompatibleDC.GDI32(?), ref: 00431B90
                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431BCE
                                                    • SelectObject.GDI32(?,?), ref: 00431BEF
                                                    • AlphaBlend.MSIMG32(?,?,?,?,00000003,?,00000000,00000000,?,00000003,00000000,00000000,00000000,?,?,00F0F0F0), ref: 00431C5D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CompatibleCreateRect$AlphaBitmapBlendCopyFrameObjectSelect
                                                    • String ID: Z
                                                    • API String ID: 54210234-1505515367
                                                    • Opcode ID: 5f029b77f6b4eb3bbc3495fe3d68357bdf896ac53e414383373f8e8c30d0e72a
                                                    • Instruction ID: 0792d4e533d00b1b26a73fc7749f663e28f4755597dc11c0d4e9561af80c2fe6
                                                    • Opcode Fuzzy Hash: 5f029b77f6b4eb3bbc3495fe3d68357bdf896ac53e414383373f8e8c30d0e72a
                                                    • Instruction Fuzzy Hash: 3DC112716083418FC724DF69C984A5BBBE5AFC8704F108A2EF58987391DB74E909CB96
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 3401059$3401060$3401061$3401062$<a>%s</a>
                                                    • API String ID: 0-135031447
                                                    • Opcode ID: 1d18fe7b7d33c6ca33f908e1a40e0b7338c7c8696b9367286f1202db6d62bc10
                                                    • Instruction ID: 570f8eb3785bc855bef0c474daa2501289258084391a13b0a6423d05570a55ca
                                                    • Opcode Fuzzy Hash: 1d18fe7b7d33c6ca33f908e1a40e0b7338c7c8696b9367286f1202db6d62bc10
                                                    • Instruction Fuzzy Hash: 3D81D7717543005BC714EF218C42BDA33A4AF88714F14853FBA0D6B2C6DBB9E985879E
                                                    APIs
                                                      • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32 ref: 00429964
                                                      • Part of subcall function 004298F0: PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0042998F
                                                      • Part of subcall function 004298F0: TranslateMessage.USER32(?), ref: 0042999A
                                                      • Part of subcall function 004298F0: DispatchMessageW.USER32(?), ref: 004299A1
                                                      • Part of subcall function 004298F0: PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 004299B0
                                                      • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,?,000004FF), ref: 004299C9
                                                    • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00424612
                                                      • Part of subcall function 00424C20: SendMessageW.USER32(?,000010A9,?,00000000), ref: 00424C61
                                                      • Part of subcall function 00424C20: SetForegroundWindow.USER32(?), ref: 00424C6D
                                                    • PostMessageW.USER32(?,00000111,00000001,00000000), ref: 0042452F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Message$MultipleObjectsPeekSendWait$DispatchForegroundPostTranslateWindow
                                                    • String ID: "RightMenuDisk"$"RightMenuFile"$-AutoDefragmention$-BootTimeDefrag$ScheduleStart
                                                    • API String ID: 784092869-278688185
                                                    • Opcode ID: ee24571ea037fb3441c670c01d318203056eea9a33b6edfe6f81c85abbded570
                                                    • Instruction ID: c97898347ab5420be132615685895ca4f66fbeb7c47801a8b84119e28bf46611
                                                    • Opcode Fuzzy Hash: ee24571ea037fb3441c670c01d318203056eea9a33b6edfe6f81c85abbded570
                                                    • Instruction Fuzzy Hash: E251C431304310AFC300EF15EDC5A6BB7E4EBD8755F84092EF54A92291DBB89988CB5A
                                                    APIs
                                                    • GetParent.USER32(?), ref: 00465A5F
                                                    • GetWindowRect.USER32(?,?), ref: 00465A78
                                                    • GetClientRect.USER32(?,?), ref: 00465B27
                                                    • GetDC.USER32(?), ref: 00465B49
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00465B61
                                                    • ReleaseDC.USER32(?,?), ref: 00465BA5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Rect$ClientMessageParentReleaseSendWindow
                                                    • String ID: Button_Check
                                                    • API String ID: 330964712-1860365581
                                                    • Opcode ID: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                    • Instruction ID: b1a5f572caf67006923a9ef52c219ce68de25ddbd2c2a7f7615237fc757273c6
                                                    • Opcode Fuzzy Hash: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                    • Instruction Fuzzy Hash: D0510371600B019FD324DF79C889BA7B3E9BF88704F008A1DE5AA97281DB74B854CF59
                                                    APIs
                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 004557C8
                                                    • GetDiskFreeSpaceW.KERNEL32 ref: 00455855
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: DiskFreeInformationSpaceVolume
                                                    • String ID: C:\$FAT$FAT16$FAT32$NTFS
                                                    • API String ID: 3270478670-3579686192
                                                    • Opcode ID: f0af46782a5a30f8442838258ae9688fef8f3122b442d05ec30af96031f478ec
                                                    • Instruction ID: 9d95486116a49aac5a83eb76fc3575ce500acb11c4e489ecfb74c34df7f4e439
                                                    • Opcode Fuzzy Hash: f0af46782a5a30f8442838258ae9688fef8f3122b442d05ec30af96031f478ec
                                                    • Instruction Fuzzy Hash: 65316071A183015BD714EF24DC52B7B7BE4AF88705F44492EF949D6290E638D508CB9B
                                                    APIs
                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0042F900
                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0042F916
                                                    • SendMessageW.USER32(?,00001001,00000000,?), ref: 0042FA08
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3401074$3401075$3401076$3401077
                                                    • API String ID: 3850602802-1879149864
                                                    • Opcode ID: c4bce1112986585be18b77c07089e63f6cda37178a12ed3d6a88cb22f3d1e080
                                                    • Instruction ID: b1405050125067dfa2b98fefbbf4893992a49d55c405f1a2d248d2381da72ad7
                                                    • Opcode Fuzzy Hash: c4bce1112986585be18b77c07089e63f6cda37178a12ed3d6a88cb22f3d1e080
                                                    • Instruction Fuzzy Hash: 0D3168F07903007BE674EB258D83FEA72A59B44B54F20892FB71E762D1CAF87844965C
                                                    APIs
                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 00454A46
                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000), ref: 00454ABC
                                                    • DeviceIoControl.KERNEL32(00000000,00090064,00000000,00000000,00000340,00000060,00000003,00000000), ref: 00454AE8
                                                    • CloseHandle.KERNEL32(00000000), ref: 00454AFA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CloseControlCreateDeviceFileHandleInformationVolume
                                                    • String ID: C:\$NTFS$\\.\C:
                                                    • API String ID: 1233574911-974996950
                                                    • Opcode ID: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                    • Instruction ID: 7a7ffa21548745985fbbbea45252e330d1802da0f0ea7318edadfa9cc625902c
                                                    • Opcode Fuzzy Hash: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                    • Instruction Fuzzy Hash: DE311D71608300AFE320CF64D885B6BB7F8AF88714F400A2DF549D7291E7B5E584CB5A
                                                    APIs
                                                    • SendMessageW.USER32(?,0000102F,?,00000000), ref: 0042D3DB
                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D3F8
                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D411
                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D433
                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D46C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: Selected$`=
                                                    • API String ID: 3850602802-3404155819
                                                    • Opcode ID: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                    • Instruction ID: 47af735872212f4aff9019aaa9f39296bd56d2d945b6e3696df55891068cb05b
                                                    • Opcode Fuzzy Hash: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                    • Instruction Fuzzy Hash: 4521D8757407117BE230EB79ED82F9BA3A4AB48B55F504A1AF705A72C1CAB4F801879C
                                                    APIs
                                                    • SendMessageW.USER32(00000000,0000000B,00000000,00000000), ref: 00420AB8
                                                    • SendMessageW.USER32(?,0000101D,00000005,00000000), ref: 00420ACA
                                                    • SendMessageW.USER32(?,00001207,00000006,?), ref: 00420AE9
                                                    • GetClientRect.USER32(?,?), ref: 00420AFB
                                                    • SendMessageW.USER32(?,0000101E,00000005), ref: 00420B28
                                                    • SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 00420B37
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$ClientRect
                                                    • String ID: Button_Check
                                                    • API String ID: 1925248871-1860365581
                                                    • Opcode ID: 2dbc91605b07778e48ee4b1ccc5bb52471f65858b054350958406698a8df70d5
                                                    • Instruction ID: f6960d58b42149bb48d8704757dd9bea0314272504ba79e98d6d7c5fe9983159
                                                    • Opcode Fuzzy Hash: 2dbc91605b07778e48ee4b1ccc5bb52471f65858b054350958406698a8df70d5
                                                    • Instruction Fuzzy Hash: EC115E717403057BE235EA79CC86FA773E9AB88B40F41491CF285EB1C1DAB9F9448B54
                                                    APIs
                                                    • SysFreeString.OLEAUT32(00000000), ref: 00453297
                                                    • SysAllocString.OLEAUT32(?), ref: 00453332
                                                    • VariantInit.OLEAUT32(?), ref: 004533BF
                                                    • VariantInit.OLEAUT32(?), ref: 004533E6
                                                    • SysFreeString.OLEAUT32(?), ref: 004534A6
                                                    • VariantClear.OLEAUT32(?), ref: 004534B7
                                                    • VariantClear.OLEAUT32(?), ref: 004534BE
                                                    • VariantClear.OLEAUT32(?), ref: 004534C5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Variant$ClearString$FreeInit$Alloc
                                                    • String ID:
                                                    • API String ID: 1906771560-0
                                                    • Opcode ID: e733c2cee5cbb5377ac2072c21b29c4e9d8b7a1ab7a7561ec9f277c12a0121fb
                                                    • Instruction ID: 04dbbea40edafa167825a5640816ee55d2e105094fff44b6784cacd96e044d36
                                                    • Opcode Fuzzy Hash: e733c2cee5cbb5377ac2072c21b29c4e9d8b7a1ab7a7561ec9f277c12a0121fb
                                                    • Instruction Fuzzy Hash: 47B136716083409FC310DF69C884A1BFBE9BFC9714F24895EE99887362D774E949CB92
                                                    APIs
                                                    • IsWindow.USER32(?), ref: 004181B6
                                                    • GetWindowRect.USER32(?,00000006), ref: 00418204
                                                    • GetWindowRect.USER32(?,000003FD), ref: 0041827F
                                                    • GetWindowRect.USER32(?,000003FD), ref: 004182FA
                                                    • GetClientRect.USER32(?,?), ref: 0041833E
                                                    • GetWindowRect.USER32(?,?), ref: 00418350
                                                    • SendMessageW.USER32(?,0000101E,00000003,0000FFFE), ref: 004183AA
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: RectWindow$ClientMessageSend
                                                    • String ID:
                                                    • API String ID: 1071774122-0
                                                    • Opcode ID: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                    • Instruction ID: 3d1e85c786be0547c74fbf31f73b40b43d39c9eef0f0cab4dee81a64cc519da0
                                                    • Opcode Fuzzy Hash: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                    • Instruction Fuzzy Hash: 9951B2713407026BD215EB60CD9AF6F73AAEBC4B04F04491CF6459B2D0EEB4E901879A
                                                    APIs
                                                      • Part of subcall function 004012D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00497DC0), ref: 00401305
                                                      • Part of subcall function 004012D0: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,?,?,?,00497DC0), ref: 00401316
                                                      • Part of subcall function 004650D0: GetDC.USER32(00000000), ref: 004650D8
                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                      • Part of subcall function 004650D0: ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                    • GetSysColor.USER32(0000000F), ref: 00465580
                                                    • SetRect.USER32 ref: 004655DE
                                                    • SetRect.USER32(?,00000005,00000000,00000005,00000000), ref: 004655ED
                                                    • CreateFontW.GDI32(0000000E,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,Arial), ref: 00465611
                                                    • GdiplusStartup.GDIPLUS(?,?,?,00000000,?,?,?,?,?,?,00000005,00000000,00000005,00000000,?,00000000), ref: 00465655
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CapsDevice$CriticalRectSection$ColorCreateEnterFontGdiplusLeaveReleaseStartup
                                                    • String ID: Arial
                                                    • API String ID: 3457378621-493054409
                                                    • Opcode ID: c725433711461103541e39f55c0d0007124140c46e9c9449edb99a4a007da462
                                                    • Instruction ID: b865aa364f9357de02ae4fe0840df8cdec7f8c78b7ca9b09445c5b8d1f81986b
                                                    • Opcode Fuzzy Hash: c725433711461103541e39f55c0d0007124140c46e9c9449edb99a4a007da462
                                                    • Instruction Fuzzy Hash: ED8121B09057889EDB70DF2ACC44BCABBE8BF94714F00011FF8489A2A1DBB55604CF99
                                                    APIs
                                                    • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042EF55
                                                    • SendMessageW.USER32(?,00001004,-00000001,-00000001), ref: 0042EF6C
                                                    • SendMessageW.USER32(?,00001004,-00000001,-00000001), ref: 0042EF88
                                                    • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 0042EFF2
                                                    • SendMessageW.USER32(?,00001008,?,00000000), ref: 0042F0A9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: `=
                                                    • API String ID: 3850602802-2762138152
                                                    • Opcode ID: bd86d3570859d765c824abdba203c786da6a43838d81c02e3987e53c6f346bb5
                                                    • Instruction ID: 4a8da6b0a3b4820785d32a6e99519bf5ba1baf34d33d3eec9a517c422a0835b5
                                                    • Opcode Fuzzy Hash: bd86d3570859d765c824abdba203c786da6a43838d81c02e3987e53c6f346bb5
                                                    • Instruction Fuzzy Hash: 9C51E2716083109BD720DF25E981B5BB7F4FB88710F800A7EF94997392D775E8058B9A
                                                    APIs
                                                    • SHBrowseForFolderW.SHELL32 ref: 0042EDC0
                                                    • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 0042EDEF
                                                    • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0042EE38
                                                    • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0042EE65
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042EEC4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Path$LongName$BrowseFolderFromListMessageSend
                                                    • String ID: 3402075
                                                    • API String ID: 3410855119-2194680865
                                                    • Opcode ID: e6d7c4e539e09ccdccd185b6b38999d2c4effd13c27e3da9bd57aaf8eb70b9d9
                                                    • Instruction ID: 60252550f2a576e17c879c635a3a802f8da064449550e8d1e332f21db53478d5
                                                    • Opcode Fuzzy Hash: e6d7c4e539e09ccdccd185b6b38999d2c4effd13c27e3da9bd57aaf8eb70b9d9
                                                    • Instruction Fuzzy Hash: 3F416471508301AFD310DF65DDC8EABBBE8FB58351F40092EF55A921E0D7749849CB5A
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ActiveMessageWindow
                                                    • String ID: 3400001$3400101$3401090$rY
                                                    • API String ID: 3610105657-3605576623
                                                    • Opcode ID: 5932f68488161c627aebd4246385e4a992ea64bdc1114815fce31a9279d2be1f
                                                    • Instruction ID: 6a8541e3f689305ec2f6cb5d2be3b4f28d8c1de2ea2bbd417e2b40b4f34285ca
                                                    • Opcode Fuzzy Hash: 5932f68488161c627aebd4246385e4a992ea64bdc1114815fce31a9279d2be1f
                                                    • Instruction Fuzzy Hash: B44193B1704210ABD710EB65EC45BAB73A8AF94704F40892FF90ED2290DB78ED45C76D
                                                    APIs
                                                    • _ValidateLocalCookies.LIBCMT ref: 00503601
                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00503609
                                                    • _ValidateLocalCookies.LIBCMT ref: 00503692
                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 005036BD
                                                    • _ValidateLocalCookies.LIBCMT ref: 00503712
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                    • String ID: csm
                                                    • API String ID: 1170836740-1018135373
                                                    • Opcode ID: 80e18b6aafd1d9acec2835737ad136747c20234a7744efa4a1d943050bc4d395
                                                    • Instruction ID: 8c319b8de6cf368726d111083056fe9cedfc1dc51f9fc976aac1017ab9f9d3cb
                                                    • Opcode Fuzzy Hash: 80e18b6aafd1d9acec2835737ad136747c20234a7744efa4a1d943050bc4d395
                                                    • Instruction Fuzzy Hash: E1417234A00205AFCF10DF69C845A9EBFA9FF85314F1481A6E8196B3D2D7329B15CB91
                                                    APIs
                                                    • GetClientRect.USER32(?,?), ref: 004674EB
                                                    • GetParent.USER32(?), ref: 004674FB
                                                    • GetWindowRect.USER32(?,?), ref: 0046751B
                                                    • GetParent.USER32(?), ref: 0046752A
                                                    • CreateCompatibleDC.GDI32(?), ref: 00467561
                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0046758A
                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 004675DC
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CompatibleCreateParentRect$BitmapClientWindow
                                                    • String ID:
                                                    • API String ID: 1335343179-0
                                                    • Opcode ID: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                    • Instruction ID: ec974f87df7e9fb3a3618fae45b6badb24d167debaf80877d84b9ed91747ca3a
                                                    • Opcode Fuzzy Hash: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                    • Instruction Fuzzy Hash: 7D411AB1508740AFC315DF68C985E5BBBE8FBD8714F008A1EF59A93290DB74E844CB66
                                                    APIs
                                                    • GetSubMenu.USER32(?,00000002), ref: 0042352E
                                                    • GetCursorPos.USER32(00000010), ref: 00423545
                                                    • SetForegroundWindow.USER32(?), ref: 0042354F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CursorForegroundMenuWindow
                                                    • String ID: 3401016
                                                    • API String ID: 390680170-1597404659
                                                    • Opcode ID: d70c479b33c264398e28cb7ff03fea03c89dfeb31a69bd09b7f4b8d505c0b054
                                                    • Instruction ID: a08165e610b34e817a5423f464ddcc9bce1135992548fc6a69cc7effbf604316
                                                    • Opcode Fuzzy Hash: d70c479b33c264398e28cb7ff03fea03c89dfeb31a69bd09b7f4b8d505c0b054
                                                    • Instruction Fuzzy Hash: 9D31C472304340BBD324DF64D845F6B77A8EB84714F108A2FF50997680DB7DE8448BA9
                                                    APIs
                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,00000000,?,?,004543B4,?,00000000,00000000), ref: 004541C4
                                                    • DeviceIoControl.KERNEL32 ref: 00454215
                                                    • GetLastError.KERNEL32 ref: 0045421F
                                                    • GetLastError.KERNEL32 ref: 0045422C
                                                    • CloseHandle.KERNEL32(00000000,?,7376EA83,?,00000000,?,?,004543B4,?,00000000,00000000,?,?,?,?,?), ref: 00454273
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                    • String ID: \\.\C:
                                                    • API String ID: 1177325624-259948872
                                                    • Opcode ID: 97f6d277518962508a84672de340e9009c68024a49f3c9384519941a69a054d2
                                                    • Instruction ID: 8413255d3e20ee0171831c1fd4e9de5db1cf6cd8e0bd52f5cbead1f2af0ef7cc
                                                    • Opcode Fuzzy Hash: 97f6d277518962508a84672de340e9009c68024a49f3c9384519941a69a054d2
                                                    • Instruction Fuzzy Hash: 943169B1A08310AFD310DF55D884A5BBBE8EBC9758F00492EF948D7351D6749884CB9A
                                                    APIs
                                                    • _TrackMouseEvent.COMCTL32(00000010), ref: 0042E774
                                                    • PtInRect.USER32(?,?,?), ref: 0042E7A7
                                                    • GetClientRect.USER32(?,?), ref: 0042E7C2
                                                    • PtInRect.USER32(?,?,?), ref: 0042E7FC
                                                    • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E821
                                                    • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E83C
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042E84F
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: RectRedrawWindow$ClientEventMouseTrack
                                                    • String ID:
                                                    • API String ID: 4196163336-0
                                                    • Opcode ID: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                    • Instruction ID: c4f66d3cff0941ef47ae988eb42254fc96aed82a1b76600b02dc3c2c7e15cd00
                                                    • Opcode Fuzzy Hash: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                    • Instruction Fuzzy Hash: F03127B15047059FD314DF69D880AABBBE9FB88314F044A2EF59A83350E770E944CFA6
                                                    APIs
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,7376EA83,76945540,?,?,00421AA0,7376EA83), ref: 004242B3
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 004242C5
                                                      • Part of subcall function 00425460: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,00000000,?,Button_Check,?,?,00420A23), ref: 004254D9
                                                    • SendMessageW.USER32(?,00000402,?,00000000), ref: 00424398
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: RedrawWindow$MessageSend
                                                    • String ID: %s: %I64u $3401050$3401080
                                                    • API String ID: 730354411-73662114
                                                    • Opcode ID: 34c2affe364ff515f50bf47c1b61d1c427e18055d02fed05966bd6094f2674e3
                                                    • Instruction ID: 8816fc286b8afc534f6afc75fd391673b4d725b22e86aab22ab11b698ddc2395
                                                    • Opcode Fuzzy Hash: 34c2affe364ff515f50bf47c1b61d1c427e18055d02fed05966bd6094f2674e3
                                                    • Instruction Fuzzy Hash: BE3182B1654700ABC310EF25DC42F9B77E8FF84B15F104A1EF59AA21D0DBB8A544CB99
                                                    APIs
                                                    • LoadMenuW.USER32(00000000), ref: 00421C48
                                                    • GetSubMenu.USER32(?,00000001), ref: 00421C73
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Menu$Load
                                                    • String ID: 3401014$3401015$3401098$3401131
                                                    • API String ID: 1099491344-459607355
                                                    • Opcode ID: 1a4b47e471c48cc02f7efefbaa69512c0fe317c002fdfc116e0d63957e74e00c
                                                    • Instruction ID: b71f282f499dea007fce5caf996e47d1757462289e0889810d3e856d8b0124fa
                                                    • Opcode Fuzzy Hash: 1a4b47e471c48cc02f7efefbaa69512c0fe317c002fdfc116e0d63957e74e00c
                                                    • Instruction Fuzzy Hash: EF2141F1B9435076D364AAA19C03FAF72A8AF84B54F10C91FB64E725C1CEAC640157AD
                                                    APIs
                                                    • SetForegroundWindow.USER32(?), ref: 00423369
                                                    • Shell_NotifyIconW.SHELL32(00000001), ref: 00423448
                                                    • GetLastError.KERNEL32 ref: 00423452
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ErrorForegroundIconLastNotifyShell_Window
                                                    • String ID: $>$3401082$3401083
                                                    • API String ID: 4150770455-2005305407
                                                    • Opcode ID: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                    • Instruction ID: 90de86b5fd52155df775e515d11431d32a4523fc17091ff82a2e95fa86d8e88e
                                                    • Opcode Fuzzy Hash: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                    • Instruction Fuzzy Hash: E2317EB1644301ABD310DF64DC4AFABB7E4FF44710F10892EF65EA2290DBB9A544CB99
                                                    APIs
                                                    • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 00432EB2
                                                    • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00432EF5
                                                    • SendMessageW.USER32(?,00001008,-00000002,00000000), ref: 00432F33
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402077$3402078$3402079
                                                    • API String ID: 3850602802-670106401
                                                    • Opcode ID: 1e581721c84f0c249b880909b493c1dbc8988a95a366e13f64cc3adfbf7eb187
                                                    • Instruction ID: c04858277577f06559cf2ee2803e4bbf63125390443237cb6e41332b9df5dc51
                                                    • Opcode Fuzzy Hash: 1e581721c84f0c249b880909b493c1dbc8988a95a366e13f64cc3adfbf7eb187
                                                    • Instruction Fuzzy Hash: 3A2183B56947406BD321DF50CD86FAB73A8EB88B11F10491FF31EA25C0CAA8A804976D
                                                    APIs
                                                    • GetClientRect.USER32(?,?), ref: 00431D46
                                                    • CreateCompatibleDC.GDI32(?), ref: 00431D78
                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431D9E
                                                    • SelectObject.GDI32(?,?), ref: 00431DBC
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00431DCA
                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00431E69
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CompatibleCreate$BitmapClientMessageObjectRectSelectSend
                                                    • String ID:
                                                    • API String ID: 2414545248-0
                                                    • Opcode ID: 8c412c0476ba2fc4ae0c4b603c0ca6f6675f8a42d5d8e24ea628546f2118f678
                                                    • Instruction ID: 8bb2e0385ae3c531c2e170360c03eff7dceb5b5f9b27b4236f5b68df8b256744
                                                    • Opcode Fuzzy Hash: 8c412c0476ba2fc4ae0c4b603c0ca6f6675f8a42d5d8e24ea628546f2118f678
                                                    • Instruction Fuzzy Hash: 22412AB1508340AFC314DF68C985E5BBBE8FBC8714F048A1EF59993291DBB4E904CB66
                                                    APIs
                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,7376EA83), ref: 0045FBFD
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045FD6C
                                                    • GetLastError.KERNEL32 ref: 00460023
                                                    • CloseHandle.KERNEL32(?), ref: 00460032
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CloseCreateErrorFileHandleLastUnothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: \\.\C:
                                                    • API String ID: 2002255750-259948872
                                                    • Opcode ID: c925c25cf8bd047c9e5a3396a1d52339d9f8b9f25dbfcc1fd449f57c1f375c63
                                                    • Instruction ID: f68b579a164141f6a35d8a11ab023a6fd55b536e149a63f8f0d67cb16e8cd9f8
                                                    • Opcode Fuzzy Hash: c925c25cf8bd047c9e5a3396a1d52339d9f8b9f25dbfcc1fd449f57c1f375c63
                                                    • Instruction Fuzzy Hash: 53F139B15183419FC324DF25C881AAFB7E4BF89714F104A2EF99983351E778A948CB97
                                                    APIs
                                                    • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 004055AD
                                                    • GetTextExtentPoint32W.GDI32(?,...,00000003,?), ref: 0040561D
                                                    • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 00405675
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExtentPoint32Text
                                                    • String ID: ...$`=
                                                    • API String ID: 223599850-889875407
                                                    • Opcode ID: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                    • Instruction ID: 472bae36e9bbe25dca023677f1d007ac7a5f0ef4219e7f68ecfc9801725c9705
                                                    • Opcode Fuzzy Hash: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                    • Instruction Fuzzy Hash: 31E131755087059FC310DF68C884A5BBBE5FB88304F548A2EF896A33A1D774E885CF96
                                                    APIs
                                                    • SelectObject.GDI32(00000000,00000000), ref: 004042FE
                                                    • GetDIBColorTable.GDI32(00000000,?,00000001,?,?,?,004042D6,?,?,?,?,?,?,?,00000000), ref: 0040431B
                                                    • TransparentBlt.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,004042D6,?,?,?), ref: 00404360
                                                    • SelectObject.GDI32(00000000,?), ref: 004043F4
                                                      • Part of subcall function 00401270: InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                      • Part of subcall function 00401270: CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                    • AlphaBlend.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,?,004042D6,?), ref: 004043AC
                                                    • StretchBlt.GDI32(?,?,?,?,?,00000000,?,?,?,00000000,00CC0020), ref: 004043DE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ObjectSelect$AlphaBlendColorCompatibleCreateExchangeInterlockedStretchTableTransparent
                                                    • String ID:
                                                    • API String ID: 1847558199-0
                                                    • Opcode ID: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                    • Instruction ID: 431ece418818d9ed3e284c2d9fdf2eea9b1bc5e51d71579e1970bbd9de33fc15
                                                    • Opcode Fuzzy Hash: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                    • Instruction Fuzzy Hash: 6641C9B1208740AFD214CB6AC884E2BB7E9EBCD718F108B1DF59DA3691D674ED01CB65
                                                    APIs
                                                    • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00424B28
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    • Opcode ID: 0e9a12f4cd1428a8c886e080b16f46ae2ab08dd8028c450c4ed05d7ef20e7a6a
                                                    • Instruction ID: 473d6bda932dfe5e5726b0cd1595cc7b0c8836d5ab7cb817983b5e362455a3d3
                                                    • Opcode Fuzzy Hash: 0e9a12f4cd1428a8c886e080b16f46ae2ab08dd8028c450c4ed05d7ef20e7a6a
                                                    • Instruction Fuzzy Hash: 6A21D87176021077EB60AA94DCC6FD12354AB54B05F44407ABB04BE1C6CFEA6440CB69
                                                    APIs
                                                    • IsWindowVisible.USER32(?), ref: 0041109B
                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110AE
                                                    • IsWindowVisible.USER32(?), ref: 004110CF
                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110E2
                                                    • IsWindowVisible.USER32(?), ref: 0041110B
                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0041111E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSendVisibleWindow
                                                    • String ID:
                                                    • API String ID: 3984873885-0
                                                    • Opcode ID: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                    • Instruction ID: f50cee19580f5a7b4a735ae81b0960ad1265907f2bd47cc1e7f642e33356c098
                                                    • Opcode Fuzzy Hash: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                    • Instruction Fuzzy Hash: AC21A070A40316ABD730DF759C41BAB7698BB88740F050A3EB649DB391EA75EC80879D
                                                    APIs
                                                    • MsgWaitForMultipleObjects.USER32 ref: 00429964
                                                    • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0042998F
                                                    • TranslateMessage.USER32(?), ref: 0042999A
                                                    • DispatchMessageW.USER32(?), ref: 004299A1
                                                    • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 004299B0
                                                    • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,?,000004FF), ref: 004299C9
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
                                                    • String ID:
                                                    • API String ID: 1800058468-0
                                                    • Opcode ID: 422089f6943f840a1857ebeeed2a55ac56a072af819dc62ccc93b1be93c737d0
                                                    • Instruction ID: 4b68c3bfc8aa6a65b644341b41cfaa7d1e4508deb0fbdda8f8db971c9f13aea2
                                                    • Opcode Fuzzy Hash: 422089f6943f840a1857ebeeed2a55ac56a072af819dc62ccc93b1be93c737d0
                                                    • Instruction Fuzzy Hash: D5316BB1604311AFE310CF68DC80F6BB7E5BB88710F504A1DF648DB290E774E9848BA6
                                                    APIs
                                                    • CreateCompatibleDC.GDI32(?), ref: 0040E9D6
                                                    • LPtoDP.GDI32(?,?,00000002), ref: 0040E9EE
                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EA08
                                                    • GetMapMode.GDI32(?,?,0047D9F0,00000000), ref: 0040EA2E
                                                    • DPtoLP.GDI32(?,?,00000002), ref: 0040EA45
                                                    • GetBkColor.GDI32(?), ref: 0040EA78
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CompatibleCreate$BitmapColorMode
                                                    • String ID:
                                                    • API String ID: 451781270-0
                                                    • Opcode ID: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                    • Instruction ID: 3bfa88b0da709e4d3224c5894ad5c167e82e64c80dae2195e34fb9d2b55d46f1
                                                    • Opcode Fuzzy Hash: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                    • Instruction Fuzzy Hash: 3931E975200600AFC724DF65D984D5BB7E9FF88700B448A2DA94A8B646DB34E944CFA5
                                                    APIs
                                                    • GetDC.USER32(00000000), ref: 004650D8
                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CapsDevice$Release
                                                    • String ID:
                                                    • API String ID: 1035833867-0
                                                    • Opcode ID: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                    • Instruction ID: c3f58fe0059228c05da5b00147ff564d140f859395390daa2f6f08e4d30ee4c4
                                                    • Opcode Fuzzy Hash: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                    • Instruction Fuzzy Hash: 5E21FF74900F00AAE3302F21EC89717BBF4FB85741F918D2EE5C5406A0EB3594688B4A
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,7376EA83,?,?), ref: 00426E01
                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0045619C
                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 004561B2
                                                    • GetTickCount.KERNEL32 ref: 004561D8
                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00456226
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Time$FileSystem$CountCriticalEnterSectionTick
                                                    • String ID: `=
                                                    • API String ID: 220952284-2762138152
                                                    • Opcode ID: 9b821a3dd54ab9ed9db7fcd5dc35dbb8b01fc2355ba314658f3cb738f20e72fe
                                                    • Instruction ID: 934190aa3f0b3ae95b724ee9cdb0041c178ee72d2cde610639a7ed787e377e39
                                                    • Opcode Fuzzy Hash: 9b821a3dd54ab9ed9db7fcd5dc35dbb8b01fc2355ba314658f3cb738f20e72fe
                                                    • Instruction Fuzzy Hash: FDD117B1A04B06EFC314DF65C484A9AFBE4FF48701F904A1EE85993611DB34B958CF9A
                                                    APIs
                                                    • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042571B
                                                    • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00425737
                                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?,?,?,?,?,?,?), ref: 00425888
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$InvalidateRect
                                                    • String ID: Button_Check$`=
                                                    • API String ID: 2778011698-3236272720
                                                    • Opcode ID: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                    • Instruction ID: 0eaeb928ae6b5a569979d6d52056a3389dc0ef6ae13505e9256ef6b005c906b2
                                                    • Opcode Fuzzy Hash: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                    • Instruction Fuzzy Hash: 55510432304611DFC724EF68D8C4E9BB7A4EF88320F514A2AE95597391D774FC418BAA
                                                    APIs
                                                    • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 00432C6E
                                                    • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00432CB4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402077$3402078$tFH
                                                    • API String ID: 3850602802-2744557037
                                                    • Opcode ID: 3a14f707ade8a06f74c98b1bb9dd0f0bab00e6a46749f54205f261b932b07e13
                                                    • Instruction ID: 0052325b0c9a5ab111783a0a252863c2f47d3c18ee4d5c8230f443e5887af2fe
                                                    • Opcode Fuzzy Hash: 3a14f707ade8a06f74c98b1bb9dd0f0bab00e6a46749f54205f261b932b07e13
                                                    • Instruction Fuzzy Hash: 415160712083819FD325EF20DE99FDBB7E4AF99704F00491EF18E92191CBB46948CB5A
                                                    APIs
                                                    • OpenThemeData.UXTHEME(?,LISTVIEW,00000001), ref: 00416A0B
                                                    • DrawThemeBackground.UXTHEME(?,?,00000006,00000002,?,00000000,?,00FFFFFF), ref: 00416A5D
                                                    • CloseThemeData.UXTHEME(?), ref: 00416A68
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00416A89
                                                      • Part of subcall function 00416430: GetWindowRect.USER32(?,?), ref: 00416443
                                                      • Part of subcall function 00416430: InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                      • Part of subcall function 00416430: GetParent.USER32(?), ref: 00416467
                                                      • Part of subcall function 00416430: GetParent.USER32(?), ref: 0041647A
                                                      • Part of subcall function 00416430: InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: RectTheme$DataParent$BackgroundCloseDrawInflateInvalidateMessageOpenSendWindow
                                                    • String ID: LISTVIEW
                                                    • API String ID: 2600991427-1680257557
                                                    • Opcode ID: 0229e11747b3cd2e378b549adb87a154061692a6bd490272b80820133ddceee6
                                                    • Instruction ID: fa80797a93d1b306fb8333d11dc9e085901b6c38828278b42b81b7196f356a38
                                                    • Opcode Fuzzy Hash: 0229e11747b3cd2e378b549adb87a154061692a6bd490272b80820133ddceee6
                                                    • Instruction Fuzzy Hash: 415106B56083009FC314DF68C981A6BB7E9FF88744F108A2EF59987390D778E945CB96
                                                    APIs
                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00424680
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042471F
                                                    • SetTimer.USER32(?,00000002,000003E8,00000000), ref: 0042474F
                                                    • KillTimer.USER32(?,00000002), ref: 00424770
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Timer$InvalidateKillRectRedrawWindow
                                                    • String ID: `=
                                                    • API String ID: 4168450595-2762138152
                                                    • Opcode ID: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                    • Instruction ID: 7d708aa27c06dc00fcb9f864fdcaa6ded2618e4328842cf70fbd9c9851442ce7
                                                    • Opcode Fuzzy Hash: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                    • Instruction Fuzzy Hash: 3941A23170021ADFC730EF65EC88B9AB3A5FF85315F50452EE85997290CB78A984CF69
                                                    APIs
                                                    • SHBrowseForFolderW.SHELL32 ref: 0041DC8E
                                                    • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 0041DCBD
                                                    • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0041DD06
                                                    • GetLongPathNameW.KERNEL32(7376EA83,00000000), ref: 0041DD33
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Path$LongName$BrowseFolderFromList
                                                    • String ID: 3402075
                                                    • API String ID: 4132326259-2194680865
                                                    • Opcode ID: bd1580488c3d15575b1391a656ffdd20babe2d7e46e482bada2f60351b01d740
                                                    • Instruction ID: a9706069ea416aad4f302c8e8149c97dc391afa5e31a47db3cf999b1b5352ce6
                                                    • Opcode Fuzzy Hash: bd1580488c3d15575b1391a656ffdd20babe2d7e46e482bada2f60351b01d740
                                                    • Instruction Fuzzy Hash: AD4152715083419FC314EF64DD88AABBBF4FB89710F400A3EF65A922A0DB759944CB5A
                                                    APIs
                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                    • PathFileExistsW.SHLWAPI(?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                    • SHCreateDirectory.SHELL32(00000000,?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Path$CreateDirectoryExistsFileFolderSpecial
                                                    • String ID: DiskDefrag$\DiskDefrag
                                                    • API String ID: 106629909-1352560241
                                                    • Opcode ID: a2d3dbced54b8fdd5c0ae5b42ab46fad3f2ef9f23a5d0fc133a43e43219cb9af
                                                    • Instruction ID: 938fb3785b8e758ab9aa55aacaf13088161b2d62692eeac53cc892e3a5652775
                                                    • Opcode Fuzzy Hash: a2d3dbced54b8fdd5c0ae5b42ab46fad3f2ef9f23a5d0fc133a43e43219cb9af
                                                    • Instruction Fuzzy Hash: CE4195B16083019BD300EF65DD85AABB7E4FF98714F00453EF54AD2290EB349949CBAB
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ObjectSelect
                                                    • String ID: `=
                                                    • API String ID: 1517587568-2762138152
                                                    • Opcode ID: 116e8130f725741a0df8cffd76ef37318a9139d2394634156b2cf1340f76da15
                                                    • Instruction ID: 398bc34aaeb48a28786a3eeef8d096b9ba9882d646282afc346b5bddce66a1f9
                                                    • Opcode Fuzzy Hash: 116e8130f725741a0df8cffd76ef37318a9139d2394634156b2cf1340f76da15
                                                    • Instruction Fuzzy Hash: 36417E32200A048FD724EFA9E884E6BF3A5EF94321B05852FE84A97611DB35F840CB55
                                                    APIs
                                                    • LoadLibraryW.KERNEL32(PowrProf.dll,00000001,?,0042198D,00000002), ref: 0041E189
                                                    • GetProcAddress.KERNEL32(00000000,SetSuspendState), ref: 0041E19B
                                                    • FreeLibrary.KERNEL32(00000000), ref: 0041E1B7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Library$AddressFreeLoadProc
                                                    • String ID: PowrProf.dll$SetSuspendState
                                                    • API String ID: 145871493-1420736420
                                                    • Opcode ID: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                    • Instruction ID: 1295b46436a6d6ef84abe92a3e8f017b2096165fdcf3e5832b2fc3faa33b59df
                                                    • Opcode Fuzzy Hash: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                    • Instruction Fuzzy Hash: E2E04F357012606B527117366C48D9F2A68DFC1B91349467EF819D1294DF38C9828AAA
                                                    APIs
                                                      • Part of subcall function 00467820: DeleteObject.GDI32(00000000), ref: 00467935
                                                    • GdiplusShutdown.GDIPLUS(?,7376EA83,?,?,?,?,?,00000000,0047812F,000000FF,0041A4F1,7376EA83), ref: 00465814
                                                    • DeleteObject.GDI32(?), ref: 004658CF
                                                    • DeleteObject.GDI32(?), ref: 00465921
                                                    • DeleteObject.GDI32(?), ref: 00465973
                                                    • DeleteObject.GDI32(?), ref: 004659C5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: DeleteObject$GdiplusShutdown
                                                    • String ID:
                                                    • API String ID: 1337965791-0
                                                    • Opcode ID: 17216591ef9b180b25b2aa9ddde3603ed2100cc8580b4b92498784189749eb6b
                                                    • Instruction ID: 5b8780734ed73be5f4f2893b0bea8a6c3b62fc8eaf033f1e837d6edea0f0e4aa
                                                    • Opcode Fuzzy Hash: 17216591ef9b180b25b2aa9ddde3603ed2100cc8580b4b92498784189749eb6b
                                                    • Instruction Fuzzy Hash: 8361E6B0505F409FC360DF3A9880B9BFBE4BB48305F90492EE1AE93241DB796548CF5A
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: __aullrem$__aulldiv
                                                    • String ID:
                                                    • API String ID: 3670715282-0
                                                    • Opcode ID: 9c34d576a32de794e1e0b0d0fca0d0e7c205ee0b047ab4e09ce85ba4a67a3df8
                                                    • Instruction ID: fa94849079e70c1b34915df37323d6afc94868806176a113829b563514bd0fbf
                                                    • Opcode Fuzzy Hash: 9c34d576a32de794e1e0b0d0fca0d0e7c205ee0b047ab4e09ce85ba4a67a3df8
                                                    • Instruction Fuzzy Hash: 43311775208305AFD200EA65E881D2FB3E9EBC8749F50491EF98497302D738FD498AB6
                                                    APIs
                                                    • lstrlenW.KERNEL32(0041F6D0,?,76945540,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000), ref: 004262B5
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,76945540,00000001,00000000,?,00000000,00000000,?,76945540,?,?,0041F6D0,00000000,?,00000000), ref: 004262E1
                                                    • GetLastError.KERNEL32(?,76945540,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000,?), ref: 004262F2
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,76945540,00000001,00000000,00000000,00000000,00000000,?,76945540,?,?,0041F6D0,00000000,?,00000000), ref: 0042630F
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,76945540,00000001,00000000,00000000,00000000,00000000,?,76945540,?,?,0041F6D0,00000000,?,00000000), ref: 00426330
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                    • String ID:
                                                    • API String ID: 3322701435-0
                                                    • Opcode ID: 406f029fa45b1055b96b03b8e5df20f9be275f8369c24922fb13ea929e72a033
                                                    • Instruction ID: cb33d9e4ec5480741093735bde79ecc2fcd6722e1911622dc14afd3accb78fd4
                                                    • Opcode Fuzzy Hash: 406f029fa45b1055b96b03b8e5df20f9be275f8369c24922fb13ea929e72a033
                                                    • Instruction Fuzzy Hash: 3E1191713803156BE220AFA4ECC6F27769CD745B04F61083DFB45AA2C1D5A47C448668
                                                    APIs
                                                      • Part of subcall function 0041A7E0: RegOpenKeyW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\services\BootDefrag), ref: 0041A7F7
                                                      • Part of subcall function 0041A730: CreateMutexW.KERNEL32(00000000,00000000,{4391F12D-936B-4037-9383-DCB800DF7B65}), ref: 0041A742
                                                      • Part of subcall function 0041A7B0: CloseHandle.KERNEL32(?,0041A113), ref: 0041A7BB
                                                    • EnumWindows.USER32(Function_00019F90,?), ref: 0041A121
                                                    • IsWindow.USER32(?), ref: 0041A12C
                                                    • SetForegroundWindow.USER32(?), ref: 0041A13F
                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0041A157
                                                    • SendMessageW.USER32 ref: 0041A18A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSendWindow$CloseCreateEnumForegroundHandleMutexOpenWindows
                                                    • String ID:
                                                    • API String ID: 4196083293-0
                                                    • Opcode ID: 9e6c0fe9baec171d7626c0c65e47d53d225f7aa6f943c70b518a3cd763a0f699
                                                    • Instruction ID: d762d58b284716c123194df2d56f313edae6d07df6750aca61f6228c44254caf
                                                    • Opcode Fuzzy Hash: 9e6c0fe9baec171d7626c0c65e47d53d225f7aa6f943c70b518a3cd763a0f699
                                                    • Instruction Fuzzy Hash: 58218E71609341AFC315DF15D885AABBBE8FFC8304F00492EF14983291DB79E885CB56
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Rect$Client$EventMouseTrack
                                                    • String ID:
                                                    • API String ID: 1879027383-0
                                                    • Opcode ID: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                    • Instruction ID: 080451bb04fed4ed38a755b401fe0e9ad2b372c89e4fc55ac88ae6bf0dae2c00
                                                    • Opcode Fuzzy Hash: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                    • Instruction Fuzzy Hash: 84115EB5104745AFD724CF64C848B9B77E8FB84304F10893EE88A87690E7B9E588CB95
                                                    APIs
                                                    • GetDC.USER32(00000000), ref: 0046CF84
                                                    • SelectObject.GDI32(?,?), ref: 0046CFAB
                                                    • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 0046CFCB
                                                    • SelectObject.GDI32(?,00000000), ref: 0046CFDA
                                                    • ReleaseDC.USER32(00000000,?), ref: 0046CFF1
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ObjectSelect$Release
                                                    • String ID:
                                                    • API String ID: 3581861777-0
                                                    • Opcode ID: 09afa59c7c7bf345e2bd9cfd905d74781f37247dddbab7f6bac84dc0e12143ed
                                                    • Instruction ID: daceeca4effa55fca9f5214fa6f3dce8251d9e38b51f783a69048b93fac7a53b
                                                    • Opcode Fuzzy Hash: 09afa59c7c7bf345e2bd9cfd905d74781f37247dddbab7f6bac84dc0e12143ed
                                                    • Instruction Fuzzy Hash: 751115B5200601AFC314DFA9C9C8C27B7EAFF88600700C62DB94987601DB35FC45CB64
                                                    APIs
                                                    • GetWindowRect.USER32(?,?), ref: 00416443
                                                    • InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                    • GetParent.USER32(?), ref: 00416467
                                                    • GetParent.USER32(?), ref: 0041647A
                                                    • InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Rect$Parent$InflateInvalidateWindow
                                                    • String ID:
                                                    • API String ID: 3567486610-0
                                                    • Opcode ID: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                    • Instruction ID: 59621ce25ffcf61443309c609473fb22192222cc28d28fc8a60ac4e9d60af83f
                                                    • Opcode Fuzzy Hash: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                    • Instruction Fuzzy Hash: 9BF044B6100304BFC210EB74DC8AD6B77ACFBC8700F008A1DB58A87191EA74F540CB65
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(00497DC0), ref: 0040122D
                                                    • EnterCriticalSection.KERNEL32(00497DC0), ref: 00401243
                                                    • GdiplusShutdown.GDIPLUS(00000000), ref: 0040124F
                                                    • LeaveCriticalSection.KERNEL32(00497DC0), ref: 00401263
                                                    • LeaveCriticalSection.KERNEL32(00497DC0), ref: 0040126A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave$GdiplusShutdown
                                                    • String ID:
                                                    • API String ID: 3506214061-0
                                                    • Opcode ID: 7eae0b955cfe46139e040fd821d45967254a2c9d3517b53231cd44731b97ba61
                                                    • Instruction ID: 085117cba8507ed758f2e3bd9e34728127d7a1f2de7180c4966a7f221b9c7101
                                                    • Opcode Fuzzy Hash: 7eae0b955cfe46139e040fd821d45967254a2c9d3517b53231cd44731b97ba61
                                                    • Instruction Fuzzy Hash: 16E0863166C2145ACA007BB6BC49B663F64AFC0B1471941BFE008B31E0C57855448FFD
                                                    APIs
                                                    • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00428B67
                                                    • WaitForMultipleObjects.KERNEL32(?,?,00000001,000000FF), ref: 00428C3B
                                                    • CloseHandle.KERNEL32 ref: 00428C8D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CloseCreateHandleMultipleObjectsThreadWait
                                                    • String ID: `=
                                                    • API String ID: 1263187225-2762138152
                                                    • Opcode ID: 2d7ebfa6a9a2b4656dd8fa51e96b61bd1dce91ce0a765f2429ab83b963c119d1
                                                    • Instruction ID: a913cb5e350b9d2bc9fc20d1f9b00526ce29f1f5c0cea8f0350da80d90f5eb0a
                                                    • Opcode Fuzzy Hash: 2d7ebfa6a9a2b4656dd8fa51e96b61bd1dce91ce0a765f2429ab83b963c119d1
                                                    • Instruction Fuzzy Hash: 58D17F71706225DFC724EFA4E88462EB7B0BF44300F94896EF85597351DB75E880CBAA
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,7376EA83,?,?), ref: 00426E01
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422F48
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalEnterRedrawSectionWindow
                                                    • String ID: DiskChecked$DiskDefrag$`=
                                                    • API String ID: 142774367-3347577070
                                                    • Opcode ID: aeef45741bab38b063411b41e8f748650579216e3e116eb844468464c405ede7
                                                    • Instruction ID: fed9d3ca3bfe53db5501e1f63bebbc1333baccd255b2eb749adb8bf470123f53
                                                    • Opcode Fuzzy Hash: aeef45741bab38b063411b41e8f748650579216e3e116eb844468464c405ede7
                                                    • Instruction Fuzzy Hash: E151A43170061AABC31CEF6CD995AA9F3A1BB84300F85862EED158B781D7B4B951DBC4
                                                    APIs
                                                    • DeleteObject.GDI32(00000000), ref: 00467935
                                                    • SendMessageW.USER32(?,0000040D,00000000,00000000), ref: 004679CE
                                                    • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004679E4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend$DeleteObject
                                                    • String ID: `=
                                                    • API String ID: 4188969710-2762138152
                                                    • Opcode ID: bb304f05f30cbdd69a183ac06b326108be92b73323326cf8809e001b9e6bd276
                                                    • Instruction ID: 57d6ba00d9628d7bc6127d5ab1f70525051783d1f21ea283ef51d44a992bc025
                                                    • Opcode Fuzzy Hash: bb304f05f30cbdd69a183ac06b326108be92b73323326cf8809e001b9e6bd276
                                                    • Instruction Fuzzy Hash: 92612C70A08316DFD714EF64C884A1AB7A5BF84318F1088AEE955A7351E734EC45CFAB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Back$GUBar::CDrawObjectFactory::CreateRectTextDraw$Text
                                                    • API String ID: 0-2901586747
                                                    • Opcode ID: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                    • Instruction ID: 94c29d93b79a1152409cb834b352fc504edd985983e521adcc95b20eb26bf893
                                                    • Opcode Fuzzy Hash: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                    • Instruction Fuzzy Hash: A6514F75604315EFC710DF25C880A6BB7E8EB88754F104A2EF84997380E779ED458B9A
                                                    APIs
                                                    • SendMessageW.USER32(?,0000014E,?,00000000), ref: 004311B1
                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004311C3
                                                    Strings
                                                    • DiskDefrag\Setting Option\Gereral\DefragColor, xrefs: 0043118A
                                                    • ColorIndex, xrefs: 00431185
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                    • API String ID: 3850602802-1631410767
                                                    • Opcode ID: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                    • Instruction ID: 3c3eec78f5ba70d7f73749eb8d42c303dcc8a252b1b76d151490117dce650f0e
                                                    • Opcode Fuzzy Hash: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                    • Instruction Fuzzy Hash: F34119717802055BEB10AF75CD82FBA3284DB59764F000A3EFA06EF2D2DA6CDC48466D
                                                    APIs
                                                    • GetSystemPowerStatus.KERNEL32 ref: 00423907
                                                    • GetLongPathNameW.KERNEL32(00000001,00000000), ref: 004239E8
                                                    • GetLongPathNameW.KERNEL32(7376EA83,00000000), ref: 00423A15
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: LongNamePath$PowerStatusSystem
                                                    • String ID: 3400003
                                                    • API String ID: 2229323602-2398869336
                                                    • Opcode ID: 057325de7599dd7353c85ea60434a88cbbf49cf5f83a7ab393cd0de2b9172bd1
                                                    • Instruction ID: 559a5a5f11ad9cbb26b2ef481da3000354db79d5173c1cf665cce4c119cf32f6
                                                    • Opcode Fuzzy Hash: 057325de7599dd7353c85ea60434a88cbbf49cf5f83a7ab393cd0de2b9172bd1
                                                    • Instruction Fuzzy Hash: 3C51C6712083419FD310EF20DD85BABB7F8AF88715F50092EF199921D1DB78AA49CB5A
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,7376EA83,?,?), ref: 00426E01
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422C04
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CriticalEnterRedrawSectionWindow
                                                    • String ID: DiskChecked$DiskDefrag$`=
                                                    • API String ID: 142774367-3347577070
                                                    • Opcode ID: 7b3785d154c84e13650d4089b12ddb33fc3ddbb9f3bc8d58731a5152a72f2c07
                                                    • Instruction ID: 0b9e0d0bd62f39a9103a5831cbb30b95e2098115bf74eedd830be0e4041926e5
                                                    • Opcode Fuzzy Hash: 7b3785d154c84e13650d4089b12ddb33fc3ddbb9f3bc8d58731a5152a72f2c07
                                                    • Instruction Fuzzy Hash: 644196313007059FC728EE2DDD85BAAB7E1BF84304F94852EED468F385DAB4B845C654
                                                    APIs
                                                      • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                      • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,7693AF60), ref: 0041DB8A
                                                    • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                      • Part of subcall function 0041AA20: SHGetFileInfoW.SHELL32(?,00000000,000002B4,000002B4,00004001), ref: 0041AA4D
                                                    • SendMessageW.USER32(?,00001214,00000004,00000000), ref: 00402B9F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: FileInfoMessageSend$DriveDrivesLogicalType
                                                    • String ID: C:\
                                                    • API String ID: 2359154852-3404278061
                                                    • Opcode ID: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                    • Instruction ID: 82d795afe4258906e57f36ef34ec2eb48dfa52df3f098ca2abc9abbdf1da0df4
                                                    • Opcode Fuzzy Hash: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                    • Instruction Fuzzy Hash: D541D6717443406BE324DF61DC86FAA73A4AB84B04F00492DF249AB2C1DBB4A545CB9A
                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 004619BD
                                                    • MessageBoxW.USER32(00000000,?,Disk Defrag,00040010), ref: 004619FE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ErrorLastMessage
                                                    • String ID: %c:\$Disk Defrag
                                                    • API String ID: 463093485-3222931339
                                                    • Opcode ID: 518deffa12bdbb6d37a9a145068253991ac5e7d9b5727993573dfc0c972e2c19
                                                    • Instruction ID: 731faf273718486ffcde032920aca0e1f319cedce5eb76f7311323341e126d0a
                                                    • Opcode Fuzzy Hash: 518deffa12bdbb6d37a9a145068253991ac5e7d9b5727993573dfc0c972e2c19
                                                    • Instruction Fuzzy Hash: E64195712087419FC324DF25D845B6BB7E4EF84715F044A2EF599C7290EB74A808CB9B
                                                    APIs
                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,?), ref: 00410C49
                                                    • ExpandEnvironmentStringsW.KERNEL32(%HOMEDRIVE%,?,0000000C), ref: 00410C8F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: EnvironmentExpandInformationStringsVolume
                                                    • String ID: %HOMEDRIVE%$NTFS
                                                    • API String ID: 1751349637-3402063299
                                                    • Opcode ID: 074aaa8893bb910327e97c9f9852001168cb7cda255d028d6430084e15aab4d5
                                                    • Instruction ID: 637acb8aad6857eaaece39300668810a01c8d3601b07b0b48692e68ec32a0e85
                                                    • Opcode Fuzzy Hash: 074aaa8893bb910327e97c9f9852001168cb7cda255d028d6430084e15aab4d5
                                                    • Instruction Fuzzy Hash: 224160706083019BD714DF75CA86BAB77E4AF88704F40493EB949C7291EBB8D984CB5A
                                                    APIs
                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,0000000C,0000000C,?,?,?,?,?,?,?,004619AE), ref: 004629EC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID: FAT$FAT16$FAT32
                                                    • API String ID: 2039140958-3969911809
                                                    • Opcode ID: 254a78ae61a87bb598648bcb239176478e62f78007c312b98b488536b990b747
                                                    • Instruction ID: 45468f2d8361374e2203d088d382e4daaec04f6418c830f46f854969d88bf3c3
                                                    • Opcode Fuzzy Hash: 254a78ae61a87bb598648bcb239176478e62f78007c312b98b488536b990b747
                                                    • Instruction Fuzzy Hash: 16112175A18300AED754EF789D92B6B77E4AF88704F84492EF848C3251F678D604CB9B
                                                    APIs
                                                    • KillTimer.USER32(?,00000001,00000000), ref: 004226F8
                                                    • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 0042271F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Timer$Kill
                                                    • String ID: 3401028$3401029
                                                    • API String ID: 3307318486-3858196228
                                                    • Opcode ID: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                    • Instruction ID: 02bff0ae68159748c7f69b0dc43338cfbe1eaa20307d0c92b455edf88c414399
                                                    • Opcode Fuzzy Hash: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                    • Instruction Fuzzy Hash: 481184B574470097C3209B64DC81FEAB3A56F88750F20871FF26FA72D1C7A4B8419788
                                                    APIs
                                                    • SetRectEmpty.USER32(0000000C), ref: 0040DE94
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: EmptyRect
                                                    • String ID: Button$CDoubleDraw$Default
                                                    • API String ID: 2270935405-580154339
                                                    • Opcode ID: bc3e2d6f8ce831d7bf007855c4c2d232e2bdea8988ba371b820240db3263b0bd
                                                    • Instruction ID: ef19d2a367d3f1db560aaf5cf05e81b0258e296f30c95c9ac20d7302b86fa88f
                                                    • Opcode Fuzzy Hash: bc3e2d6f8ce831d7bf007855c4c2d232e2bdea8988ba371b820240db3263b0bd
                                                    • Instruction Fuzzy Hash: C611ABB1A447119BD3109F56CC42B97B6E8EB48B24F108A2FF519E72C1D7BC680447DD
                                                    APIs
                                                    • BeginDeferWindowPos.USER32(?), ref: 0046C51A
                                                    • EndDeferWindowPos.USER32(?), ref: 0046C576
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0046C58F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Window$Defer$BeginRedraw
                                                    • String ID: Button_Check
                                                    • API String ID: 2284443614-1860365581
                                                    • Opcode ID: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                    • Instruction ID: 5655fd99f899ac16fa463449df691d44eb2f3411b94b0263f5d23efcf872a4b1
                                                    • Opcode Fuzzy Hash: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                    • Instruction Fuzzy Hash: 5F21EDB4600702AFC310CF29C984A16FBE4BB88310F148A5EE59997261E734F945CB96
                                                    APIs
                                                    • mciSendCommandW.WINMM ref: 0041E210
                                                    • mciGetErrorStringW.WINMM(00000000,?,00000080), ref: 0041E23D
                                                    • mciSendCommandW.WINMM(00000001,00000806,00010000,?), ref: 0041E26C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CommandSend$ErrorString
                                                    • String ID: %s/n
                                                    • API String ID: 1543859921-1476993579
                                                    • Opcode ID: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                    • Instruction ID: bb7bdc0f92cc2694eaa6ee34f7bcc843a23ee59e2d49304dadf9c875fa4d5d80
                                                    • Opcode Fuzzy Hash: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                    • Instruction Fuzzy Hash: 04118671504301BBD360EB54DC46FEFB7E8AF88714F00492EF589D7290E67495588796
                                                    APIs
                                                      • Part of subcall function 00401190: EnterCriticalSection.KERNEL32(00497DC0,00000000,?,?,?,?,?,004014CD,?,?), ref: 00401199
                                                      • Part of subcall function 00401190: GdiplusStartup.GDIPLUS(00497DBC,?,?,?,?,?,?,?,004014CD,?,?), ref: 004011CD
                                                      • Part of subcall function 00401190: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,004014CD,?,?), ref: 004011DD
                                                    • GdipCreateBitmapFromFile.GDIPLUS ref: 004014FA
                                                    • GdipDisposeImage.GDIPLUS(?), ref: 0040152C
                                                    • GdipDisposeImage.GDIPLUS(00000000), ref: 00401559
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Gdip$CriticalDisposeImageSection$BitmapCreateEnterFileFromGdiplusLeaveStartup
                                                    • String ID: >=
                                                    • API String ID: 1500692541-3263226258
                                                    • Opcode ID: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
                                                    • Instruction ID: 2a3b4bfc414dc10881e7eec236f3a1e04021e9235cedc72d475739dca07e05aa
                                                    • Opcode Fuzzy Hash: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
                                                    • Instruction Fuzzy Hash: 2C01A5725043119BC710EF18D885AEFB7E8BFC4358F04892EF588AB260D738DA09C796
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(?,00415319,?,?,7376EA83,?,?,00000000,7376EA83,?,7376EA83,?,00000000,00000000), ref: 00415253
                                                    • LoadLibraryW.KERNEL32(?), ref: 00415264
                                                    • GetProcAddress.KERNEL32(00000000,ImageList_GetImageInfo), ref: 0041527E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                    • String ID: ImageList_GetImageInfo
                                                    • API String ID: 310444273-158344479
                                                    • Opcode ID: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                    • Instruction ID: f55cdba9153e0e1c980a4fac1fe1aa85c7dcce68075fab81bff91a96374b76ea
                                                    • Opcode Fuzzy Hash: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                    • Instruction Fuzzy Hash: 9EF0B275A00B41DFDB208FB8D848B82B7E4AB58715F00C82EA5AEC3611D738E480CF14
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(?,00415489,?,?,7376EA83,?,?,00000000,004070E8,?,7376EA83,?,00000000,00000000), ref: 004153D0
                                                    • LoadLibraryW.KERNEL32(?), ref: 004153E1
                                                    • GetProcAddress.KERNEL32(00000000,ImageList_GetImageCount), ref: 004153FB
                                                    Strings
                                                    • ImageList_GetImageCount, xrefs: 004153F5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                    • String ID: ImageList_GetImageCount
                                                    • API String ID: 310444273-4246500564
                                                    • Opcode ID: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                    • Instruction ID: 982047e8d717f41167e3cd9be7dffe01ffe3abe97b222393831f80d9b05f459f
                                                    • Opcode Fuzzy Hash: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                    • Instruction Fuzzy Hash: 08F07475601B45CFD7208F68D948A87B7E4FB58715B40892EE5AEC3A51D778E880CB08
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(?,00403E46,?,?,7376EA83), ref: 00403DA0
                                                    • LoadLibraryW.KERNEL32(?), ref: 00403DB1
                                                    • GetProcAddress.KERNEL32(00000000,ImageList_AddMasked), ref: 00403DCB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                    • String ID: ImageList_AddMasked
                                                    • API String ID: 310444273-822293376
                                                    • Opcode ID: 2cef274448d629194f45eaed383d3ce2d55fe80bf2e66e2031492a90ae4c9555
                                                    • Instruction ID: f86be7005d8cc87f643f266e3e9cbb46ccc5d3431ffdeeb8f838823e3b4bd8b2
                                                    • Opcode Fuzzy Hash: 2cef274448d629194f45eaed383d3ce2d55fe80bf2e66e2031492a90ae4c9555
                                                    • Instruction Fuzzy Hash: 06F06275611B019FDB209F68D948B06BBF8AF18B15B40883DA5AAD3A55D638E540CB04
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00000040), ref: 00423E73
                                                    • SetPriorityClass.KERNEL32(00000000), ref: 00423E7A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ClassCurrentPriorityProcess
                                                    • String ID: DiskDefrag$Priority
                                                    • API String ID: 1822496659-2550450721
                                                    • Opcode ID: 4fd6964c920d56df250ae9ab2acb6b08c2f321825b7161079fb8931e388946b9
                                                    • Instruction ID: 65e6db7a757ac2f859af6c567d4dd87af2ab39161d08e9a40c4738524f0132bc
                                                    • Opcode Fuzzy Hash: 4fd6964c920d56df250ae9ab2acb6b08c2f321825b7161079fb8931e388946b9
                                                    • Instruction Fuzzy Hash: F3D05BB1580300BFE2006B90CC4EF553654EB00705F504419BB09950E2C6F55188C7AE
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00000020), ref: 00423E33
                                                    • SetPriorityClass.KERNEL32(00000000), ref: 00423E3A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ClassCurrentPriorityProcess
                                                    • String ID: DiskDefrag$Priority
                                                    • API String ID: 1822496659-2550450721
                                                    • Opcode ID: 127201b981698b300859cc31292a0172134846cda05812359d7de4f29bee327f
                                                    • Instruction ID: 0765593b2bd4a548dc4285e73e255d63b39630105a75dc21cbbf118713a2a5a8
                                                    • Opcode Fuzzy Hash: 127201b981698b300859cc31292a0172134846cda05812359d7de4f29bee327f
                                                    • Instruction Fuzzy Hash: 1DD05B71580300BBE1006B90CC4EF553658EB00705F50441DBB09950E2C6F45188C76A
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00000080), ref: 00423EB6
                                                    • SetPriorityClass.KERNEL32(00000000), ref: 00423EBD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ClassCurrentPriorityProcess
                                                    • String ID: DiskDefrag$Priority
                                                    • API String ID: 1822496659-2550450721
                                                    • Opcode ID: 08ddfa592c1efdcbccc132c313bf1a44a42ddabc710bc291cfdf7ca59a51bf9a
                                                    • Instruction ID: cd9b91bb96566d5ac382291ffc385f6ffd504ff47ee525bf2600b2da5630117b
                                                    • Opcode Fuzzy Hash: 08ddfa592c1efdcbccc132c313bf1a44a42ddabc710bc291cfdf7ca59a51bf9a
                                                    • Instruction Fuzzy Hash: F8D05EB1680301BFE200ABD0CC4EF5A3668EB00B05F90881DFB09950E2CAF45188CBAA
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AdjustPointer
                                                    • String ID:
                                                    • API String ID: 1740715915-0
                                                    • Opcode ID: 2f0b33c3719e7fcaed95029fb5341bdd68b0aeebc8bb7a8e810e980fd1942554
                                                    • Instruction ID: 8d54b60b4dbcadace8c8d92a661b26f00d94fd6d5e2cfe78c5a792aa377a4210
                                                    • Opcode Fuzzy Hash: 2f0b33c3719e7fcaed95029fb5341bdd68b0aeebc8bb7a8e810e980fd1942554
                                                    • Instruction Fuzzy Hash: 2451CFB6605203AFDB299F55D845BAEBFA4FF40310F24992DEA05872D1E731AC91CF90
                                                    APIs
                                                    • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C87E
                                                    • GetClientRect.USER32(?,?), ref: 0042C88F
                                                    • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C8C7
                                                    • GetClientRect.USER32(?,?), ref: 0042C8D2
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ClientMessageRectSend
                                                    • String ID:
                                                    • API String ID: 166717107-0
                                                    • Opcode ID: b63bd0a3e2817953073069a49dd37508e5c619b6a8f1caab7bdc8737ebf16daf
                                                    • Instruction ID: 1ae2c4f83a303b8bce0181d8b555b548ed397ea70dfa58a9d15d9eacc3878f9d
                                                    • Opcode Fuzzy Hash: b63bd0a3e2817953073069a49dd37508e5c619b6a8f1caab7bdc8737ebf16daf
                                                    • Instruction Fuzzy Hash: FC511AB1204301AFD714DE28CD85FABB7EAFBC4704F008A1DF99953694DBB0AD49CA65
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,7376EA83,?,?), ref: 00426E01
                                                    • GetParent.USER32(?), ref: 00410AB3
                                                    • GetParent.USER32(?), ref: 00410AC5
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,00000000), ref: 00410AFA
                                                      • Part of subcall function 00414FD0: GetParent.USER32(?), ref: 00414FD4
                                                    • SendMessageW.USER32(?,0000108E,00000000,00000000), ref: 00410AE5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Parent$CriticalEnterMessageRedrawSectionSendWindow
                                                    • String ID:
                                                    • API String ID: 1290606431-0
                                                    • Opcode ID: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                    • Instruction ID: 5206ba9288f2f952280e77a0a87cb2f91fe58ff6aeb235107940afbc2e9b071e
                                                    • Opcode Fuzzy Hash: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                    • Instruction Fuzzy Hash: 5631B1723087049BD320DF64DC81F9BB3A4FB98720F10461EE9498B780DB79E841CB9A
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ClearVariant$AllocString
                                                    • String ID:
                                                    • API String ID: 2502263055-0
                                                    • Opcode ID: 4b2ef0f21c238e92dbe494a8f0535b867e123380ff90faf569da88cc72c8f9fe
                                                    • Instruction ID: d31ef5bb5228e6c3ad645c8f3d1319e11389829958ef149dbed2cab14c92e82a
                                                    • Opcode Fuzzy Hash: 4b2ef0f21c238e92dbe494a8f0535b867e123380ff90faf569da88cc72c8f9fe
                                                    • Instruction Fuzzy Hash: 15316F722087059FC310CF58C880B5BB7E8EF88718F104A2EF95997350DB79E909CB9A
                                                    APIs
                                                    • IsWindow.USER32(?), ref: 0041056D
                                                    • GetWindowRect.USER32(?,?), ref: 0041058D
                                                      • Part of subcall function 0041AA90: GetDC.USER32(?), ref: 0041AADC
                                                      • Part of subcall function 0041AA90: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                      • Part of subcall function 0041AA90: GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                      • Part of subcall function 0041AA90: ReleaseDC.USER32(?,?), ref: 0041AB37
                                                    • GetWindowRect.USER32(?,00000000), ref: 004105E2
                                                    • GetWindowRect.USER32(?,?), ref: 0041063B
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Window$Rect$ExtentMessagePoint32ReleaseSendText
                                                    • String ID:
                                                    • API String ID: 2970461787-0
                                                    • Opcode ID: 57304bb34f2a7c9d27d57c86e6bfdf64e083342261e5794d1aa935df15270c11
                                                    • Instruction ID: ce4c3b2ba86c6f6c119685c1f909f4ca062621dcfedb5de8325838dac45ff1a4
                                                    • Opcode Fuzzy Hash: 57304bb34f2a7c9d27d57c86e6bfdf64e083342261e5794d1aa935df15270c11
                                                    • Instruction Fuzzy Hash: E2314071244305AFD204DF61CCC5FABB3E9EBC8748F048A0CF58957290D674EA468B65
                                                    APIs
                                                    • GetDC.USER32(?), ref: 0040F162
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040F17A
                                                    • GetClientRect.USER32(?,?), ref: 0040F19B
                                                    • ReleaseDC.USER32(?,?), ref: 0040F210
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ClientMessageRectReleaseSend
                                                    • String ID:
                                                    • API String ID: 1863454828-0
                                                    • Opcode ID: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                    • Instruction ID: d6bf508d08b3a67db9d2b0dabc6a54fdde4e7c081a099a00f88e8aa49dac70a3
                                                    • Opcode Fuzzy Hash: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                    • Instruction Fuzzy Hash: 7C3128B5204341AFC314DF68C984E5AB7E9FB88610F104A1EF559C3290EB34A905CB55
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: __aulldiv__aullrem
                                                    • String ID:
                                                    • API String ID: 3839614884-0
                                                    • Opcode ID: 6861e29f0088fe8bf2482069452547d46f2b3a812a60965592cc082a0fa155da
                                                    • Instruction ID: 61ee5ff977679a68600c6b3ba5455a9d5faea7aa6e4a004e82da9cd24f1d17ea
                                                    • Opcode Fuzzy Hash: 6861e29f0088fe8bf2482069452547d46f2b3a812a60965592cc082a0fa155da
                                                    • Instruction Fuzzy Hash: 8B21D2B6608351AFC310DE59D880E6BBBE8EBD9305F00495DF8849B302D275EC458BB6
                                                    APIs
                                                      • Part of subcall function 00419AE0: GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                      • Part of subcall function 00419AE0: GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                    • Sleep.KERNEL32(0000000A), ref: 004248FF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProcSleep
                                                    • String ID: CPUUsageExceed$DiskDefrag\AutoDefragmention$d
                                                    • API String ID: 451317006-1228882529
                                                    • Opcode ID: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                    • Instruction ID: 2aae77fe05b5572fc9a22550ba8b2e73634bf3b6c40b7b563c05c91186231963
                                                    • Opcode Fuzzy Hash: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                    • Instruction Fuzzy Hash: 6021D439B102224BD724DE68DD84BE73351DFC4325F5A4279ED098F382DB66EC468299
                                                    APIs
                                                    • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,00000800,?,00000000), ref: 00463572
                                                    • GetLastError.KERNEL32 ref: 00463581
                                                    • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,?,?,00000000), ref: 004635C1
                                                    • GetLastError.KERNEL32 ref: 004635C7
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ControlDeviceErrorLast
                                                    • String ID:
                                                    • API String ID: 2645620995-0
                                                    • Opcode ID: 280114bd6b1db9933460ef4d3ecd134f68ed06276e5ba2ce953f9defbee2e827
                                                    • Instruction ID: 72788d8031d8da8ebdf27af98cafe7d3eb32084a5d4fa9d01f0a72895e77951c
                                                    • Opcode Fuzzy Hash: 280114bd6b1db9933460ef4d3ecd134f68ed06276e5ba2ce953f9defbee2e827
                                                    • Instruction Fuzzy Hash: 8711C4716003412BE3109B169C46BAB769CEBD1710F44483EF548E6151EAA8EA098BEF
                                                    APIs
                                                    • GetDC.USER32(?), ref: 0041AADC
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                    • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                    • ReleaseDC.USER32(?,?), ref: 0041AB37
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExtentMessagePoint32ReleaseSendText
                                                    • String ID:
                                                    • API String ID: 3220701275-0
                                                    • Opcode ID: f4cd1229affaa01fb9d254a5843e7c69072dcfbfd1d68eba2fa87ff3b855b585
                                                    • Instruction ID: 1850dbf4910a2f6436d9a8060cce1c0b3c7b383cd418d825aeeea627d68539a0
                                                    • Opcode Fuzzy Hash: f4cd1229affaa01fb9d254a5843e7c69072dcfbfd1d68eba2fa87ff3b855b585
                                                    • Instruction Fuzzy Hash: 79213AB5604601AFC714DF68D985F6AB7E8FB8C710F008A2DF459C3690DB74E8448B95
                                                    APIs
                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00503B37
                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00503B50
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Value___vcrt_
                                                    • String ID:
                                                    • API String ID: 1426506684-0
                                                    • Opcode ID: 4bf36c79f714d2a89cb30e494d94226b7eda414baaf82c223360c7aa9f7a0c6f
                                                    • Instruction ID: 7353190b5c751d0058e391ed670595676dc79ce1cec29b7a24e191303f1d6a31
                                                    • Opcode Fuzzy Hash: 4bf36c79f714d2a89cb30e494d94226b7eda414baaf82c223360c7aa9f7a0c6f
                                                    • Instruction Fuzzy Hash: 3801DE321096225EE7203BA4BC8AA6F3F9CBB82378B20033AF024410E1EB514E516205
                                                    APIs
                                                    • __allrem.LIBCMT ref: 00454FE5
                                                    • __alldvrm.LIBCMT ref: 00454FF8
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045500B
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00455044
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__alldvrm__allrem
                                                    • String ID:
                                                    • API String ID: 2089711351-0
                                                    • Opcode ID: 9e2e06a4a2c618b65764ecf02f880869a055206a9d0490231dd6032392fa1694
                                                    • Instruction ID: 1642b9dd75f3a4511d1f743995959062418e168b9dabd897861ea646df64c966
                                                    • Opcode Fuzzy Hash: 9e2e06a4a2c618b65764ecf02f880869a055206a9d0490231dd6032392fa1694
                                                    • Instruction Fuzzy Hash: 44112AB5A00A00AFC324CF66C985D27BBE9EFC8714721C92EB59A87745D675FC40CB64
                                                    APIs
                                                    • LoadCursorW.USER32(00000000,?), ref: 0046D047
                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 0046D059
                                                    • SetCursor.USER32(?,?,?,?,0046CB00,?,00000000,?,?), ref: 0046D06F
                                                    • DestroyCursor.USER32(00000000), ref: 0046D07A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Cursor$Load$Destroy
                                                    • String ID:
                                                    • API String ID: 2883253431-0
                                                    • Opcode ID: b526f51bf045ccedc4edf904a989a3b1655f38ad34df7115bdfe87dc4000c200
                                                    • Instruction ID: d6e58a44651a1d3402cb24b8e4ad2f5d6b0251b9aafb2ead04931a23fc49c706
                                                    • Opcode Fuzzy Hash: b526f51bf045ccedc4edf904a989a3b1655f38ad34df7115bdfe87dc4000c200
                                                    • Instruction Fuzzy Hash: 3E016771F142189FD730AF6AEC8096B37DCE756318F15083BE108D3211DA79A442877D
                                                    APIs
                                                    • VariantClear.OLEAUT32(?), ref: 00451E17
                                                    • VariantClear.OLEAUT32(?), ref: 00451E1E
                                                    • VariantClear.OLEAUT32(?), ref: 00451E25
                                                    • VariantClear.OLEAUT32 ref: 00451E37
                                                    • SysAllocString.OLEAUT32(0047EF4C), ref: 00451E69
                                                    • SysFreeString.OLEAUT32(00000000), ref: 00451EA8
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ClearVariant$String$AllocFree
                                                    • String ID:
                                                    • API String ID: 1305860026-0
                                                    • Opcode ID: b37e011b781f1d454e30a98bb1468485945ccd4889f276b204347a15179b4595
                                                    • Instruction ID: 140283520e71beb42ed0646703587c81ba5a45ee29616676a2d43a9b4adb487a
                                                    • Opcode Fuzzy Hash: b37e011b781f1d454e30a98bb1468485945ccd4889f276b204347a15179b4595
                                                    • Instruction Fuzzy Hash: 6DF02D7750D7848FC710CF70EC80A96BBE5EFC5220F148A5FD95587255D6359806CF52
                                                    APIs
                                                    • SendMessageW.USER32(00000000,00000401,00000000,00000000), ref: 004676B7
                                                    • SendMessageW.USER32(00000000,00000403,00000003,000001F4), ref: 004676CC
                                                    • SendMessageW.USER32(00000000,00000403,00000002,00001770), ref: 004676E1
                                                    • SendMessageW.USER32(00000000,00000418,00000000,00000190), ref: 004676F6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    • Opcode ID: 3e2714244d5c6f65102f12cb8e05017cbdfaef3b4b34307461ffb964c10c16d6
                                                    • Instruction ID: 05ecc198b00069830d56908e8e3e5e7e1269b8f0e776762def572f81c0fca120
                                                    • Opcode Fuzzy Hash: 3e2714244d5c6f65102f12cb8e05017cbdfaef3b4b34307461ffb964c10c16d6
                                                    • Instruction Fuzzy Hash: 0EF01D717C0B027AE2309A68DC82FA7A2A86B94B02F15582DF359FB1D196B875018E58
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: __aulldiv
                                                    • String ID: `=
                                                    • API String ID: 3732870572-2762138152
                                                    • Opcode ID: 59de480195b1ca1b7c85286dea745b7e675da52321248cfd22c7f778a576f342
                                                    • Instruction ID: d8bfd7cdfac141d9cfdb0ffece5a98f1ca78eb3dd6e2b02cd9253dc2d6ef05f2
                                                    • Opcode Fuzzy Hash: 59de480195b1ca1b7c85286dea745b7e675da52321248cfd22c7f778a576f342
                                                    • Instruction Fuzzy Hash: 6ED137756083409FC314DF69C98092BFBE4BFC8314F05896EF99997311E739E8058BA6
                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3BE
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3D1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: `=
                                                    • API String ID: 885266447-2762138152
                                                    • Opcode ID: fffd3d7282f3ca9193e1cd667b51c6e9b1393ee17bf43d276ed476b0d10faf7b
                                                    • Instruction ID: 5dffe6ef64173943b566a41739161ce8ce63ae2a9ff69b85a90aeb8992a9e3ab
                                                    • Opcode Fuzzy Hash: fffd3d7282f3ca9193e1cd667b51c6e9b1393ee17bf43d276ed476b0d10faf7b
                                                    • Instruction Fuzzy Hash: 24A17A71A043099FC324EF68C98096AB7F5FF89305F14892EE89687312D774F949CB5A
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: __aulldiv
                                                    • String ID: `=
                                                    • API String ID: 3732870572-2762138152
                                                    • Opcode ID: 3015ac86ba649a29268a85483f7edd6aab0f416968bd909a9fe1b0c52b9cb0c5
                                                    • Instruction ID: 84b8ef7fa6ef3b0704b7dcc146b1b846a3d4774a27478fb056f40241b994564c
                                                    • Opcode Fuzzy Hash: 3015ac86ba649a29268a85483f7edd6aab0f416968bd909a9fe1b0c52b9cb0c5
                                                    • Instruction Fuzzy Hash: 46719C71A046049FC724EF64C884A6BB7E4FF88311F14896EFC4687352D775E849CBAA
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,7376EA83,?,?), ref: 00426E01
                                                    • SHQueryRecycleBinW.SHELL32(?,?), ref: 0042B1A8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CriticalEnterQueryRecycleSection
                                                    • String ID: C:\$`=
                                                    • API String ID: 1132591718-3292444104
                                                    • Opcode ID: 85201a436fdb5bbfeaee31a0dc8f4d63786e17b77ffd3cec1582f3d352d27140
                                                    • Instruction ID: acc36582b151d86fb2590580dfdaf1570fbc9ca1bde0f0bfc179c8702fc33688
                                                    • Opcode Fuzzy Hash: 85201a436fdb5bbfeaee31a0dc8f4d63786e17b77ffd3cec1582f3d352d27140
                                                    • Instruction Fuzzy Hash: 4F716D71604351CFC720EF64D981BAFB7E4FF88354F41892EE89997250D734A944CBAA
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 00456370
                                                    • GetCurrentProcess.KERNEL32(00000000,?), ref: 004563C5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcess
                                                    • String ID: P
                                                    • API String ID: 2050909247-3110715001
                                                    • Opcode ID: a03a8c6beb439d679fb0db97629ae7733890abcb9a7f1691b148e1a86304f56b
                                                    • Instruction ID: d9fc715740b337443135b9810308ba2b6a4282878f9a2242fee2fe4f623e65b9
                                                    • Opcode Fuzzy Hash: a03a8c6beb439d679fb0db97629ae7733890abcb9a7f1691b148e1a86304f56b
                                                    • Instruction Fuzzy Hash: 6951A0716006119BC710DF68D88466AB7A4FF89715F514B2FED2487392CB78EC48CBDA
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,7376EA83,?,?), ref: 00426E01
                                                      • Part of subcall function 004197C0: CoInitialize.OLE32(00000000), ref: 004197EE
                                                      • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                      • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                    • GetLogicalDrives.KERNEL32 ref: 00427273
                                                    • GetDriveTypeW.KERNEL32(?), ref: 004272D7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CreateCriticalDriveDrivesEnterInitializeInstanceLogicalSectionTypeUninitialize
                                                    • String ID: C:\
                                                    • API String ID: 2354564324-3404278061
                                                    • Opcode ID: 463b7e134fd02c2dffb61464138cf62a3387c166cfc111da7965f15e78b5fef1
                                                    • Instruction ID: c90efa92af71126dba6429048660511b38e7c0dbb77debf846213f4ca3b284e1
                                                    • Opcode Fuzzy Hash: 463b7e134fd02c2dffb61464138cf62a3387c166cfc111da7965f15e78b5fef1
                                                    • Instruction Fuzzy Hash: 8A518971A187519FC314DF29D881A5BBBE4FF88714F804A2EF899C7390D734A904CB8A
                                                    APIs
                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00430FF8
                                                    Strings
                                                    • DefragFinishRingtone, xrefs: 0043102A
                                                    • DiskDefrag\Setting Option\Gereral, xrefs: 0043102F
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: DefragFinishRingtone$DiskDefrag\Setting Option\Gereral
                                                    • API String ID: 3850602802-1318132366
                                                    • Opcode ID: 611e42f2e74a1490c92c656b9c1f4233f09f845737786cc1f03fb69b9647b0cb
                                                    • Instruction ID: 0a2994e761213e214e5a4d6a869241ea1e3b325438042f93d97e0811baed8686
                                                    • Opcode Fuzzy Hash: 611e42f2e74a1490c92c656b9c1f4233f09f845737786cc1f03fb69b9647b0cb
                                                    • Instruction Fuzzy Hash: CE41717074820566EA30B7725D23BAF21489F1CB98F00562FFA19953C2FBEDD885859F
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Catch
                                                    • String ID: MOC$RCC
                                                    • API String ID: 78271584-2084237596
                                                    • Opcode ID: 57d1e29d146de3ba40a084e0ccccf32f6555489212ef26a0975e53685c0b16b8
                                                    • Instruction ID: 7f3e499a65fa1b5ee95370a69dc2f62e8b798b9dea4c67a4a9596effe2b86ecb
                                                    • Opcode Fuzzy Hash: 57d1e29d146de3ba40a084e0ccccf32f6555489212ef26a0975e53685c0b16b8
                                                    • Instruction Fuzzy Hash: 754159B1900209AFCF15DF98CD85AEEBFB5BF48304F1485A9FA04A6291D335AD60DF50
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,7376EA83,?,?), ref: 00426E01
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422CFC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CriticalEnterRedrawSectionWindow
                                                    • String ID: DiskChecked$DiskDefrag
                                                    • API String ID: 142774367-2981518532
                                                    • Opcode ID: ab5195b4a4bfda73d4f9f3e8bf5c99e646ac860a453a11dc9c20344d76e4ff99
                                                    • Instruction ID: c399ede082bf33e8358967d7bf4ff09710be0966645c3ad0fdc692b3c116348a
                                                    • Opcode Fuzzy Hash: ab5195b4a4bfda73d4f9f3e8bf5c99e646ac860a453a11dc9c20344d76e4ff99
                                                    • Instruction Fuzzy Hash: EE21B1726003189BC728EE1DDD85BDAB7A0AF84700F90452DFE158F282DBB4AA04C798
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390675920.00000000004D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ~P
                                                    • API String ID: 0-500931198
                                                    • Opcode ID: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
                                                    • Instruction ID: 3f53a812ee88c614be39cb66f25ae1a6b01f6845a1ee28e41b72ee3cff38c9b7
                                                    • Opcode Fuzzy Hash: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
                                                    • Instruction Fuzzy Hash: 62215E72A0820AAFDB10AF619C45A7E7FA9FF493647108525F915971D1D730FC5097A0
                                                    APIs
                                                    • GetVolumeNameForVolumeMountPointW.KERNEL32(?,00000000), ref: 0041DE53
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Volume$MountNamePoint
                                                    • String ID: C:\$DiskDefrag\SSD
                                                    • API String ID: 1269602640-2872339364
                                                    APIs
                                                      • Part of subcall function 00432180: SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                      • Part of subcall function 00432180: SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                    • SendMessageW.USER32(?,0000014E,?,00000000), ref: 00432160
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: DiskDefrag\Setting Option\Optimize$cbbFileSize
                                                    • API String ID: 3850602802-4101677200
                                                    APIs
                                                    • GetVolumeNameForVolumeMountPointW.KERNEL32(?,00000000), ref: 0041DF73
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Volume$MountNamePoint
                                                    • String ID: C:\$DiskDefrag\SSD
                                                    • API String ID: 1269602640-2872339364
                                                    APIs
                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402044$CPUIdleTime
                                                    • API String ID: 3850602802-2665702501
                                                    APIs
                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402045$CPUUsageExceed
                                                    • API String ID: 3850602802-436957165
                                                    APIs
                                                    • GetFileAttributesW.KERNEL32(?,7376EA83,?,?,?,00478D19,000000FF,0045997D,?), ref: 0045CF8C
                                                    • CreateFileW.KERNEL32(?,00000080,00000007,00000000,00000003,20000000,00000000), ref: 0045CFE9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: File$AttributesCreate
                                                    • String ID: \\?\
                                                    • API String ID: 415043291-4282027825
                                                    APIs
                                                    • GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                      • Part of subcall function 004197C0: CoInitialize.OLE32(00000000), ref: 004197EE
                                                      • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                      • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                    • GetDriveTypeW.KERNEL32(?,?,?,7693AF60), ref: 0041DB8A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CreateDriveDrivesInitializeInstanceLogicalTypeUninitialize
                                                    • String ID: C:\
                                                    • API String ID: 16435998-3404278061
                                                    APIs
                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042CF9B
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042CFF6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageRedrawSendWindow
                                                    • String ID: `=
                                                    • API String ID: 1030633669-2762138152
                                                    • Opcode ID: 322b72833a8646d25a97c7267da0ac355cbd00ada31bdbfef420a7c5b9529279
                                                    • Instruction ID: d25022c26ba7c65596874a3e6aca49c08802d942c9937e1375339a52bc2b998b
                                                    • Opcode Fuzzy Hash: 322b72833a8646d25a97c7267da0ac355cbd00ada31bdbfef420a7c5b9529279
                                                    • Instruction Fuzzy Hash: 46018B313006119BD7349A79DA89FDFB3A5AB94700F15481FF24ABB2C0CAF47881C64C
                                                    APIs
                                                    • RegOpenKeyW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\services\BootDefrag), ref: 0041A7F7
                                                    • RegCloseKey.ADVAPI32 ref: 0041A811
                                                      • Part of subcall function 0041A820: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                      • Part of subcall function 0041A820: PathFileExistsW.SHLWAPI(?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                      • Part of subcall function 0041A820: SHCreateDirectory.SHELL32(00000000,?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                    Strings
                                                    • SYSTEM\CurrentControlSet\services\BootDefrag, xrefs: 0041A7E5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Path$CloseCreateDirectoryExistsFileFolderOpenSpecial
                                                    • String ID: SYSTEM\CurrentControlSet\services\BootDefrag
                                                    • API String ID: 2992731242-3464295076
                                                    • Opcode ID: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                    • Instruction ID: 6a09b35f9698f17151a02b8af7ff6770b374517e2ed940df591338b91f7cf978
                                                    • Opcode Fuzzy Hash: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                    • Instruction Fuzzy Hash: 02D012B0215200DAE314BBB1DC45B9E33A4EB40315F10492EB45AC1580CB7894998B6A
                                                    APIs
                                                    • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CompatibleCreateExchangeInterlocked
                                                    • String ID: }I
                                                    • API String ID: 1770991917-1906338323
                                                    • Opcode ID: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                    • Instruction ID: a163272bfcbb607c39215aeccd5f887c100e22747e7019c329861ded96e1c357
                                                    • Opcode Fuzzy Hash: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                    • Instruction Fuzzy Hash: 64D05E2390012056CA10521ABC48FE6672CAF91360F46427EF80DF71609329A8424AAC
                                                    APIs
                                                    • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 004012B2
                                                    • DeleteDC.GDI32(00000000), ref: 004012C4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: DeleteExchangeInterlocked
                                                    • String ID: }I
                                                    • API String ID: 1722977832-1906338323
                                                    • Opcode ID: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                    • Instruction ID: 0f44d1f4ef78c4913e9163893a1f1e1819881c729740a469ce0397d160b8c871
                                                    • Opcode Fuzzy Hash: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                    • Instruction Fuzzy Hash: D1D05E678000205A9A04521ABC48CE7662CDE9536034A427EFC0DF3160D7299C428AAC
                                                    APIs
                                                    • CreateMutexW.KERNEL32(00000000,00000000,{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}), ref: 0041A782
                                                    • GetLastError.KERNEL32 ref: 0041A793
                                                    Strings
                                                    • {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}, xrefs: 0041A779
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CreateErrorLastMutex
                                                    • String ID: {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}
                                                    • API String ID: 1925916568-1835452401
                                                    • Opcode ID: 808971c6715f0aa7f10f9f42aa529678d4de9f456662d07aefcc006699d7f1bb
                                                    • Instruction ID: f658fb253292798967ff69ee4118aed0b3c4d26085bed42abcbed525fae359d1
                                                    • Opcode Fuzzy Hash: 808971c6715f0aa7f10f9f42aa529678d4de9f456662d07aefcc006699d7f1bb
                                                    • Instruction Fuzzy Hash: 80D05E383003019BEB609B30CC9979A35A0AB40742FE0887EF01FE46C0DA6CD5C48E09
                                                    APIs
                                                    • CreateMutexW.KERNEL32(00000000,00000000,{4391F12D-936B-4037-9383-DCB800DF7B65}), ref: 0041A742
                                                    • GetLastError.KERNEL32 ref: 0041A753
                                                    Strings
                                                    • {4391F12D-936B-4037-9383-DCB800DF7B65}, xrefs: 0041A739
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2390468130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CreateErrorLastMutex
                                                    • String ID: {4391F12D-936B-4037-9383-DCB800DF7B65}
                                                    • API String ID: 1925916568-3123431990
                                                    • Opcode ID: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                    • Instruction ID: ec8680d88669c7631082afe2fce56944a0d96bb555ced3f370f40cb7f6e8cb2a
                                                    • Opcode Fuzzy Hash: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                    • Instruction Fuzzy Hash: 32D05E343003019BEB646B30CC9539A35A0AB40742FE0887EF01FE46D0EA6CD5D49A09
                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 006090C1
                                                    • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 0060926D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Virtual$AllocFree
                                                    • String ID:
                                                    • API String ID: 2087232378-0
                                                    • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                    • Instruction ID: bba4459b27bb45b54d8e65905d2f87f9ac8b3eaa7b9440a593184a649f3bb687
                                                    • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                    • Instruction Fuzzy Hash: 33718C71E4424ADFDB45CF98C981BEEBBF2AF09314F244095E465F7282C234AA91DF64
                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00609314
                                                      • Part of subcall function 00609098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 006090C1
                                                      • Part of subcall function 00609098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 0060926D
                                                    • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00609366
                                                    • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 006093C0
                                                    • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 006093F3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Virtual$Alloc$Free$Protect
                                                    • String ID: ,
                                                    • API String ID: 1004437363-3772416878
                                                    • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                    • Instruction ID: 738af253e33fc2844edb25ff7b5a8cc7bc7a71a48a5dee11789a4da4251f10ed
                                                    • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                    • Instruction Fuzzy Hash: C951F875940609AFCB24DFA9C881ADFBBF9FF08344F10851AF959A7281D370E951CBA4
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: __freea$__alloca_probe_16
                                                    • String ID:
                                                    • API String ID: 3509577899-0
                                                    • Opcode ID: 79c57f79f9f80a4f3a8dfd6044341aefcd378521cd034f0e504a31617c91e999
                                                    • Instruction ID: d1db885b2c460c7f991c28e553ecb5acb63478c7e1c3c209997550704900956f
                                                    • Opcode Fuzzy Hash: 79c57f79f9f80a4f3a8dfd6044341aefcd378521cd034f0e504a31617c91e999
                                                    • Instruction Fuzzy Hash: 21517F72640606AFFB299FA4CC85FFB7BAAEF45710F150129FD08962D1EB30ED508660
                                                    APIs
                                                    • LCMapStringEx.KERNELBASE(?,00600C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 00603D75
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: String
                                                    • String ID:
                                                    • API String ID: 2568140703-0
                                                    • Opcode ID: 0945d66e0fc2f7f49b1f81aa2a293dc726ff8842d5d07da23efdc00a5881f432
                                                    • Instruction ID: 740aec800bbd3e0fb76d046b126ff8390ddaf2ff82bd4ff66e6689982e7aeed7
                                                    • Opcode Fuzzy Hash: 0945d66e0fc2f7f49b1f81aa2a293dc726ff8842d5d07da23efdc00a5881f432
                                                    • Instruction Fuzzy Hash: 1AF09D3644022ABBCF165F91DC19DDE3F2BEF48761F098115FA18652A0C732C971EB90
                                                    APIs
                                                    • VirtualFree.KERNELBASE(?,00000000,?), ref: 005FBFCE
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: FreeVirtual
                                                    • String ID:
                                                    • API String ID: 1263568516-0
                                                    • Opcode ID: e60e4068cd93b639c3aa235bc6197db17b8c4abbc8f37a23b828120a77983d2d
                                                    • Instruction ID: 6d62fbc4df2424aea4fad7cdd286ee5a2c4a41254d3b57e97a288d934881401e
                                                    • Opcode Fuzzy Hash: e60e4068cd93b639c3aa235bc6197db17b8c4abbc8f37a23b828120a77983d2d
                                                    • Instruction Fuzzy Hash: 02311671D00209EFDB10CFA9DC90BAEBFF5BB49740F14802AE655A7250D775A904CFA4
                                                    APIs
                                                    • CloseHandle.KERNELBASE(00000000), ref: 005FBCC7
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    • Opcode ID: 582b8ab440f79654ec23e2522700c06166e2e5b0b67f1b83b93962facb22cafb
                                                    • Instruction ID: fa5fb0e093ad99c0c3e98ea2d5309ac8326e71ece38ba404fdfbdd6bd7d5ea72
                                                    • Opcode Fuzzy Hash: 582b8ab440f79654ec23e2522700c06166e2e5b0b67f1b83b93962facb22cafb
                                                    • Instruction Fuzzy Hash: 59E06DB5A01617BBA3217B20DD19DBB7A6DFF95742309842AFA10E2240DF24DC01C6B1
                                                    APIs
                                                    • FindFirstFileW.KERNEL32(?,?,?,00000000,0000024C), ref: 004112A2
                                                    • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                    • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                    • StrFormatByteSizeW.SHLWAPI(00000000,?,?,?,00000000,?,?,?,?,?,00000000,0000024C), ref: 0041141C
                                                    • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                    • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                    • FindClose.KERNEL32(?), ref: 00411483
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: FindPrivateProfileString$File$ByteCloseFirstFormatNextSize
                                                    • String ID: 3401068$3401069$3401070$DefragTime$DefraggedFileCount$DG$LG$TotalDefraggedFileSize$`=$main
                                                    • API String ID: 295610168-2526466113
                                                    • Opcode ID: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                    • Instruction ID: 3dc56caefaff00a374a3ee75e2b4c31a72c5442d79c66a3b7d7afc40f3bd3104
                                                    • Opcode Fuzzy Hash: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                    • Instruction Fuzzy Hash: 6691A771244340AFD320DF21CC46FAB77E8AF88B14F108A2EF65DA71D1DAB56944CB5A
                                                    APIs
                                                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?), ref: 0045A8C2
                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A915
                                                    • FindFirstFileW.KERNEL32(?,?,?,?,?), ref: 0045A955
                                                    • FindClose.KERNEL32(00000000,?,00000000,00000000,00000001,?,?,?), ref: 0045A9AA
                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A9CE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: DiskFreeSpace$Find$CloseFileFirst
                                                    • String ID: %c:\
                                                    • API String ID: 281833627-3142399695
                                                    • Opcode ID: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                    • Instruction ID: 5c1349d2b4a299dbbed6192556f5b370b8187b703f81d55d5c722b9a40b8fb44
                                                    • Opcode Fuzzy Hash: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                    • Instruction Fuzzy Hash: A071FBB55057019FD314DF64D988BABB7E4FF98711F008A2EE89A87390E734A848CF56
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00020028,?,?,?,?,?,?,?,0041A0B9,SeBackupPrivilege), ref: 00419CFD
                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,0041A0B9,SeBackupPrivilege), ref: 00419D04
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00419D1E
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Process$CurrentLookupOpenPrivilegeTokenValue
                                                    • String ID:
                                                    • API String ID: 3639550587-0
                                                    • Opcode ID: 7148b218a58efe162156a67a36f4013a52d7ca8231e1dbe32e75ae0325f5605e
                                                    • Instruction ID: f3d016862a4d3342d6fd7035e13c423cea38e9027ddeccfb2464269e0ea5178e
                                                    • Opcode Fuzzy Hash: 7148b218a58efe162156a67a36f4013a52d7ca8231e1dbe32e75ae0325f5605e
                                                    • Instruction Fuzzy Hash: 73015275644301AFE314CFA5DC89B6BB7E8FB88B05F80492CF54DC2290E774D9848B56
                                                    APIs
                                                    • IsDebuggerPresent.KERNEL32 ref: 00473B49
                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00473B5E
                                                    • UnhandledExceptionFilter.KERNEL32(0047CF54), ref: 00473B69
                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00473B85
                                                    • TerminateProcess.KERNEL32(00000000), ref: 00473B8C
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                    • String ID:
                                                    • API String ID: 2579439406-0
                                                    • Opcode ID: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                    • Instruction ID: 5fbb9a2fc2dc4524adccc28e56c0de5744acadb4307870d4d3e04b8eaaabc2f4
                                                    • Opcode Fuzzy Hash: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                    • Instruction Fuzzy Hash: E421E3B8828204DFC700DFA5FC856853BA4FB28329F5040BBE80D87762E77466848F5D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                    • Instruction ID: 7f45a62b763b18ee1db0e3ef6cde993bceb0ffd0ff8c50725b501db6588a7515
                                                    • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                    • Instruction Fuzzy Hash: 3AF06275A50200EFC718DF0AC544CD677F7EB857107654595D4049B3A2D3B0DE45CB70
                                                    APIs
                                                    • GetCursorPos.USER32(00000000), ref: 0042872A
                                                    • CreatePopupMenu.USER32 ref: 00428751
                                                    • #8.OLEAUT32(3401099,0047D9D0,0047D9D0,0047D9D0,0047D9D0,00000000), ref: 00428778
                                                    • AppendMenuW.USER32(?,00000000,00008022,00000000), ref: 0042878F
                                                    • #8.OLEAUT32(3401128,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004287AA
                                                    • AppendMenuW.USER32(?,00000000,00008027,00000000), ref: 004287BB
                                                    • #8.OLEAUT32(3401127,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004287D6
                                                    • AppendMenuW.USER32(?,00000000,00008028,00000000), ref: 004287E7
                                                    • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 004287F6
                                                    • #8.OLEAUT32(3401032,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 00428811
                                                    • AppendMenuW.USER32(?,00000000,00008023,00000000), ref: 00428822
                                                    • #8.OLEAUT32(3401033,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 0042883D
                                                    • AppendMenuW.USER32(?,00000000,00008024,00000000), ref: 0042884E
                                                    • #8.OLEAUT32(3401086,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 00428869
                                                    • AppendMenuW.USER32(?,00000000,00008025,00000000), ref: 0042887A
                                                    • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 00428889
                                                    • #8.OLEAUT32(10021,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004288A4
                                                    • AppendMenuW.USER32(?,00000000,00008026,00000000), ref: 004288B5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Menu$Append$CreateCursorPopup
                                                    • String ID: 10021$3401032$3401033$3401086$3401099$3401127$3401128
                                                    • API String ID: 2468982102-1766060818
                                                    • Opcode ID: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                    • Instruction ID: 3f46f92896953761dbd981ebaed820fc3143a3776dcc1953a56c74fff761f47c
                                                    • Opcode Fuzzy Hash: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                    • Instruction Fuzzy Hash: C9319DF5BD030076D2A066A58D57F9A76A99F84F00F31C80BB74E769C1CAECB4045BAD
                                                    APIs
                                                      • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                      • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,00094658), ref: 0041DB8A
                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                      • Part of subcall function 0041A9B0: SHGetFileInfoW.SHELL32(%SystemRoot%,00000040,000002B4,000002B4,00004011), ref: 0041A9DA
                                                    • SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                    • LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                    • SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                    • SendMessageW.USER32(00000000,00000405,00000001,00000000), ref: 00402370
                                                      • Part of subcall function 00402590: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                    • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004023B9
                                                      • Part of subcall function 00402660: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$BitmapDriveDrivesFileInfoLoadLogicalType
                                                    • String ID: 3402003$3402041$3402043$3402046$3402047$3402048$8F$CPUIdleTime$CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention$LastDefragmention$tG
                                                    • API String ID: 3599163918-1643340582
                                                    • Opcode ID: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                    • Instruction ID: bcfd938aa366970316b1685172ea95c37501a647d75b412e58de97171c7dff61
                                                    • Opcode Fuzzy Hash: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                    • Instruction Fuzzy Hash: A4A1D9B17503006BD710FF618D86FAE36A89F44714F10892EF60E7B2D2DABCA844875E
                                                    APIs
                                                    • GetComboBoxInfo.USER32 ref: 00416520
                                                    • CreateCompatibleDC.GDI32(?), ref: 0041654D
                                                    • GetMapMode.GDI32(?,00000000), ref: 00416561
                                                    • GetClientRect.USER32(?,?), ref: 0041658E
                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 004165AA
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004165D5
                                                    • OpenThemeData.UXTHEME(?,COMBOBOX,?,00FFFFFF,00000000,00000000), ref: 00416607
                                                    • DrawThemeBackground.UXTHEME(00000000,?,00000005,00000003,?,00000000), ref: 00416652
                                                    • DrawThemeBackground.UXTHEME(00000000,?,00000001,00000001,?,00000000), ref: 0041666C
                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00416673
                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0041668C
                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004166A3
                                                    • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004167D1
                                                      • Part of subcall function 00416DD0: CopyRect.USER32(?,?), ref: 00416E1C
                                                    • FrameRect.USER32(?,?,00000000), ref: 0041681A
                                                    • CopyRect.USER32(?,?), ref: 0041683E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: RectTheme$MessageSend$BackgroundCompatibleCopyCreateDataDraw$BitmapClientCloseComboFrameInfoModeOpen
                                                    • String ID: 4$8F$COMBOBOX
                                                    • API String ID: 3327461832-961196532
                                                    • Opcode ID: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                    • Instruction ID: 20267cedc47a1196732836afe1a8f8ceed4fa11fcf58e3e8436092e3fc6905d6
                                                    • Opcode Fuzzy Hash: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                    • Instruction Fuzzy Hash: 5BC138B1508300AFD314DF65C985FABB7E8BF88704F008A1EF58997291DB74E944CB96
                                                    APIs
                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 0040AEFA
                                                    • MulDiv.KERNEL32(?,?,00000048), ref: 0040AF5E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Object
                                                    • String ID: CharSet$ClipPrecision$Escapement$Italic$Name$Orientation$OutPrecision$PitchAndFamily$Quality$Size$StrikeOut$Underline$Weight
                                                    • API String ID: 2936123098-848768055
                                                    APIs
                                                    • GdipGetImagePixelFormat.GDIPLUS(?,?), ref: 00401593
                                                    • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 004015F2
                                                    • GdipGetImageWidth.GDIPLUS(?,?,?,?,?,?), ref: 00401613
                                                    • GdipGetImagePaletteSize.GDIPLUS(?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040165A
                                                    • GdipGetImagePalette.GDIPLUS(?,00000008,?,80070057,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 004016CF
                                                    • GdipBitmapLockBits.GDIPLUS(?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040177B
                                                    • GdipBitmapUnlockBits.GDIPLUS(?,?,?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?), ref: 004017F1
                                                    • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00401817
                                                    • GdipGetImageGraphicsContext.GDIPLUS(?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?), ref: 0040182D
                                                    • GdipDrawImageI.GDIPLUS(00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?), ref: 00401840
                                                    • GdipDeleteGraphics.GDIPLUS(00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?), ref: 00401846
                                                    • GdipDisposeImage.GDIPLUS(?,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?), ref: 0040184C
                                                    Strings
                                                    Similarity
                                                    • API ID: Gdip$Image$Bitmap$BitsGraphicsPalette$ContextCreateDeleteDisposeDrawFormatFromHeightLockPixelScan0SizeUnlockWidth
                                                    • String ID: &$>=
                                                    • API String ID: 1279047860-1654677323
                                                    APIs
                                                    • CoInitialize.OLE32(00000000,BB40E64E,00094658,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004197EE
                                                    • CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                    • CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                    • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00419894
                                                    • CoUninitialize.OLE32 ref: 004198B6
                                                    Strings
                                                    Similarity
                                                    • API ID: Uninitialize$BlanketCreateInitializeInstanceProxy
                                                    • String ID: Caption$SELECT * from Win32_Volume$WQL
                                                    • API String ID: 3575674281-2330458756
                                                    APIs
                                                    • CopyRect.USER32(?,?), ref: 0040ED30
                                                    • CreateCompatibleDC.GDI32(?), ref: 0040EDD3
                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EDF9
                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 0040EE67
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040EE77
                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0040EEEE
                                                    • CopyRect.USER32(?,?), ref: 0040EF77
                                                    • SetRect.USER32(?,?,?,?,?), ref: 0040EFD9
                                                    • SetRect.USER32(?,?,?,?,?), ref: 0040F00C
                                                    • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0040F073
                                                    Strings
                                                    Similarity
                                                    • API ID: Rect$CompatibleCopyCreateMessageSend$Bitmap
                                                    • String ID: $8F
                                                    • API String ID: 2897418849-3711173759
                                                    APIs
                                                    • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004159AA
                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00415AB2
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402005$3402065$3402067$3402068$3402069$3402070$3402071$3402072$3402084
                                                    • API String ID: 3850602802-328498535
                                                    APIs
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040FD1F
                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 0040FD37
                                                    • GetClientRect.USER32(?,?), ref: 0040FD46
                                                    • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040FDC3
                                                    • GetCursorPos.USER32(?), ref: 0040FE29
                                                    • ScreenToClient.USER32(?,?), ref: 0040FE38
                                                    • SendMessageW.USER32(?,0000120F,?,00000000), ref: 0040FE6C
                                                    • SendMessageW.USER32(?,0000120B,00000000,?), ref: 0040FE82
                                                    • RectVisible.GDI32(?,?), ref: 0040FEAC
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageSend$ClientRect$CursorObjectScreenVisible
                                                    • String ID: d
                                                    • API String ID: 883400287-2564639436
                                                    APIs
                                                    • SendMessageW.USER32 ref: 0040F806
                                                    • SendMessageW.USER32(?,00001215,00000000,00000000), ref: 0040F82F
                                                    • CopyRect.USER32(?,?), ref: 0040F845
                                                    • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040F876
                                                    • GetClientRect.USER32(?,?), ref: 0040F88B
                                                      • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F0C
                                                      • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F1E
                                                    • SendMessageW.USER32(?,00001209,00000000,00000000), ref: 0040F9EE
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageRectSend$Copy$Client
                                                    • String ID: $6$8F
                                                    • API String ID: 201260696-978989186
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                    • SendMessageW.USER32(?,0000102F,00000000,00000000), ref: 004187CD
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004187EF
                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0041899B
                                                    • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 004189AF
                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004189C5
                                                    • SendMessageW.USER32(?,00001015,00000000,?), ref: 004189DB
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageSend$CriticalEnterSection
                                                    • String ID: %.2f%%$%I64u$8F
                                                    • API String ID: 2245208738-1881348792
                                                    APIs
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00418B07
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                      • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00418BA8
                                                    • SendMessageW.USER32(?,000083FE,?,?), ref: 00418BF6
                                                      • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                    • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 00418C9F
                                                      • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                    • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00418D51
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                    • String ID: /e,/select,"%s%s"$8F$explorer.exe$open
                                                    • API String ID: 206244367-1918814442
                                                    APIs
                                                    • SendMessageW.USER32(?,00000172,00000000,?), ref: 004027B1
                                                    • SendMessageW.USER32(?,00000172,00000000,?), ref: 00402863
                                                    Strings
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402041$3402042$8F$DiskDefrag$Images$close$open
                                                    • API String ID: 3850602802-2649565445
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CopyRect
                                                    • String ID: Bottom$Left$Margin$Right$Top$`=$=
                                                    • API String ID: 1989077687-1885521073
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 3401059$3401060$3401061$3401062$<a>%s</a>$LG
                                                    • API String ID: 0-1992925794
                                                    APIs
                                                    • IsWindow.USER32(?), ref: 004181B6
                                                    • GetWindowRect.USER32(?,00000006), ref: 00418204
                                                    • GetWindowRect.USER32(?,000003FD), ref: 0041827F
                                                    • GetWindowRect.USER32(?,000003FD), ref: 004182FA
                                                    • GetClientRect.USER32(?,?), ref: 0041833E
                                                    • GetWindowRect.USER32(?,?), ref: 00418350
                                                    • SendMessageW.USER32(?,0000101E,00000003,0000FFFE), ref: 004183AA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: RectWindow$ClientMessageSend
                                                    • String ID: 8F
                                                    • API String ID: 1071774122-180763933
                                                    APIs
                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 00429964
                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0042998F
                                                    • TranslateMessage.USER32(?), ref: 0042999A
                                                    • DispatchMessageW.USER32(?), ref: 004299A1
                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004299B0
                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 004299C9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
                                                    • String ID: 0I$@I
                                                    • API String ID: 1800058468-400931512
                                                    APIs
                                                    • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00416BBB
                                                    • GetCursorPos.USER32(?), ref: 00416BCF
                                                    • ScreenToClient.USER32(?,?), ref: 00416BDE
                                                    • SendMessageW.USER32(?,00000198,00000000,?), ref: 00416BFF
                                                    • PtInRect.USER32(?,?,?), ref: 00416C10
                                                    • SendMessageW.USER32(?,00000198,?,?), ref: 00416C74
                                                    • InvalidateRect.USER32(?,?,00000001), ref: 00416C87
                                                    • PtInRect.USER32(?,?,?), ref: 00416C98
                                                    • InvalidateRect.USER32(?), ref: 00416CC7
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Rect$MessageSend$Invalidate$ClientCursorScreen
                                                    • String ID:
                                                    • API String ID: 2454936240-0
                                                    APIs
                                                    • type_info::operator==.LIBVCRUNTIME ref: 005FE960
                                                    • ___TypeMatch.LIBVCRUNTIME ref: 005FEA6E
                                                    • _UnwindNestedFrames.LIBCMT ref: 005FEBC0
                                                    • CallUnexpected.LIBVCRUNTIME ref: 005FEBDB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 2751267872-393685449
                                                    APIs
                                                      • Part of subcall function 004012D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004768A9,000000FF), ref: 00401305
                                                      • Part of subcall function 004012D0: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,?,004768A9,000000FF), ref: 00401316
                                                      • Part of subcall function 004650D0: GetDC.USER32(00000000), ref: 004650D8
                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                      • Part of subcall function 004650D0: ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                    • GetSysColor.USER32(0000000F), ref: 00465580
                                                    • SetRect.USER32 ref: 004655DE
                                                    • SetRect.USER32(?,00000005,00000000,00000005,00000000), ref: 004655ED
                                                    • CreateFontW.GDI32(0000000E,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,Arial), ref: 00465611
                                                    • GdiplusStartup.GDIPLUS(?,?,?,00000000,?,?,?,?,?,?,00000005,00000000,00000005,00000000,?,00000000), ref: 00465655
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CapsDevice$CriticalRectSection$ColorCreateEnterFontGdiplusLeaveReleaseStartup
                                                    • String ID: 8<$Arial
                                                    • API String ID: 3457378621-1936108657
                                                    APIs
                                                      • Part of subcall function 00467820: DeleteObject.GDI32(00000000), ref: 00467935
                                                    • GdiplusShutdown.GDIPLUS(?,?,BB40E64E,00093C38,?,?,00093E00,?,00000000,0047812F,000000FF,0041A4F1,BB40E64E,00093C38,?,00093E00), ref: 00465814
                                                    • DeleteObject.GDI32(?), ref: 004658CF
                                                    • DeleteObject.GDI32(?), ref: 00465921
                                                    • DeleteObject.GDI32(?), ref: 00465973
                                                    • DeleteObject.GDI32(?), ref: 004659C5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: DeleteObject$GdiplusShutdown
                                                    • String ID: 8K
                                                    • API String ID: 1337965791-3211281232
                                                    APIs
                                                    • OpenThemeData.UXTHEME(?,LISTVIEW,00000001), ref: 00416A0B
                                                    • DrawThemeBackground.UXTHEME(?,?,00000006,00000002,?,00000000,?,00FFFFFF), ref: 00416A5D
                                                    • CloseThemeData.UXTHEME(?), ref: 00416A68
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00416A89
                                                      • Part of subcall function 00416430: GetWindowRect.USER32(?,?), ref: 00416443
                                                      • Part of subcall function 00416430: InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                      • Part of subcall function 00416430: GetParent.USER32(?), ref: 00416467
                                                      • Part of subcall function 00416430: GetParent.USER32(?), ref: 0041647A
                                                      • Part of subcall function 00416430: InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: RectTheme$DataParent$BackgroundCloseDrawInflateInvalidateMessageOpenSendWindow
                                                    • String ID: 8F$LISTVIEW
                                                    • API String ID: 2600991427-1963048992
                                                    APIs
                                                    • _ValidateLocalCookies.LIBCMT ref: 005FD977
                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 005FD97F
                                                    • _ValidateLocalCookies.LIBCMT ref: 005FDA08
                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 005FDA33
                                                    • _ValidateLocalCookies.LIBCMT ref: 005FDA88
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                    • String ID: csm
                                                    • API String ID: 1170836740-1018135373
                                                    • Opcode ID: 769407da07e329c2015a65ac49051018e45fa819d8e78d4bbafafb6fad6e4a64
                                                    • Instruction ID: df51cdbc48f6248c680d4cfd77e0fdccb8ddc871a812511b6634210c5c1f7045
                                                    • Opcode Fuzzy Hash: 769407da07e329c2015a65ac49051018e45fa819d8e78d4bbafafb6fad6e4a64
                                                    • Instruction Fuzzy Hash: F441E234A0020DAFCF00DF68C885ABE7FB6FF45314F148155EA19AB392C7799A11CBA1
                                                    APIs
                                                    • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 004055AD
                                                    • GetTextExtentPoint32W.GDI32(?,...,00000003,?), ref: 0040561D
                                                    • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 00405675
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ExtentPoint32Text
                                                    • String ID: ...$`=
                                                    • API String ID: 223599850-889875407
                                                    • Opcode ID: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                    • Instruction ID: 472bae36e9bbe25dca023677f1d007ac7a5f0ef4219e7f68ecfc9801725c9705
                                                    • Opcode Fuzzy Hash: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                    • Instruction Fuzzy Hash: 31E131755087059FC310DF68C884A5BBBE5FB88304F548A2EF896A33A1D774E885CF96
                                                    APIs
                                                    • SelectObject.GDI32(00000000,00000000), ref: 004042FE
                                                    • GetDIBColorTable.GDI32(00000000,?,00000001,?,?,?,004042D6,?,?,?,?,?,?,?,00000000), ref: 0040431B
                                                    • TransparentBlt.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,004042D6,?,?,?), ref: 00404360
                                                    • SelectObject.GDI32(00000000,?), ref: 004043F4
                                                      • Part of subcall function 00401270: InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                      • Part of subcall function 00401270: CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                    • AlphaBlend.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,?,004042D6,?), ref: 004043AC
                                                    • StretchBlt.GDI32(?,?,?,?,?,00000000,?,?,?,00000000,00CC0020), ref: 004043DE
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: ObjectSelect$AlphaBlendColorCompatibleCreateExchangeInterlockedStretchTableTransparent
                                                    • String ID:
                                                    • API String ID: 1847558199-0
                                                    • Opcode ID: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                    • Instruction ID: 431ece418818d9ed3e284c2d9fdf2eea9b1bc5e51d71579e1970bbd9de33fc15
                                                    • Opcode Fuzzy Hash: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                    • Instruction Fuzzy Hash: 6641C9B1208740AFD214CB6AC884E2BB7E9EBCD718F108B1DF59DA3691D674ED01CB65
                                                    APIs
                                                    • CreateCompatibleDC.GDI32(?), ref: 0040E9D6
                                                    • LPtoDP.GDI32(?,?,00000002), ref: 0040E9EE
                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EA08
                                                    • GetMapMode.GDI32(?,?,0047D9F0,00000000), ref: 0040EA2E
                                                    • DPtoLP.GDI32(?,?,00000002), ref: 0040EA45
                                                    • GetBkColor.GDI32(?), ref: 0040EA78
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CompatibleCreate$BitmapColorMode
                                                    • String ID:
                                                    • API String ID: 451781270-0
                                                    • Opcode ID: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                    • Instruction ID: 3bfa88b0da709e4d3224c5894ad5c167e82e64c80dae2195e34fb9d2b55d46f1
                                                    • Opcode Fuzzy Hash: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                    • Instruction Fuzzy Hash: 3931E975200600AFC724DF65D984D5BB7E9FF88700B448A2DA94A8B646DB34E944CFA5
                                                    APIs
                                                    • GetDC.USER32(00000000), ref: 004650D8
                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CapsDevice$Release
                                                    • String ID:
                                                    • API String ID: 1035833867-0
                                                    • Opcode ID: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                    • Instruction ID: c3f58fe0059228c05da5b00147ff564d140f859395390daa2f6f08e4d30ee4c4
                                                    • Opcode Fuzzy Hash: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                    • Instruction Fuzzy Hash: 5E21FF74900F00AAE3302F21EC89717BBF4FB85741F918D2EE5C5406A0EB3594688B4A
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0045619C
                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 004561B2
                                                    • GetTickCount.KERNEL32 ref: 004561D8
                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00456226
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Time$FileSystem$CountCriticalEnterSectionTick
                                                    • String ID: `=
                                                    • API String ID: 220952284-2762138152
                                                    • Opcode ID: 410b74424ee1bab011349fb102a23ab2fc9437bfb08defa02d2803a1c7cb0993
                                                    • Instruction ID: 934190aa3f0b3ae95b724ee9cdb0041c178ee72d2cde610639a7ed787e377e39
                                                    • Opcode Fuzzy Hash: 410b74424ee1bab011349fb102a23ab2fc9437bfb08defa02d2803a1c7cb0993
                                                    • Instruction Fuzzy Hash: FDD117B1A04B06EFC314DF65C484A9AFBE4FF48701F904A1EE85993611DB34B958CF9A
                                                    APIs
                                                    • DeleteObject.GDI32(00000000), ref: 00467935
                                                    • SendMessageW.USER32(?,0000040D,00000000,00000000), ref: 004679CE
                                                    • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004679E4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$DeleteObject
                                                    • String ID: 8K$`=
                                                    • API String ID: 4188969710-450670534
                                                    • Opcode ID: 6ae490451279346f20ff5a9bdc53e8c576f5efa59d3a88cf8cb8055c59d1975e
                                                    • Instruction ID: 57d6ba00d9628d7bc6127d5ab1f70525051783d1f21ea283ef51d44a992bc025
                                                    • Opcode Fuzzy Hash: 6ae490451279346f20ff5a9bdc53e8c576f5efa59d3a88cf8cb8055c59d1975e
                                                    • Instruction Fuzzy Hash: 92612C70A08316DFD714EF64C884A1AB7A5BF84318F1088AEE955A7351E734EC45CFAB
                                                    APIs
                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                    • PathFileExistsW.SHLWAPI(?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                    • #165.SHELL32(00000000,?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Path$#165ExistsFileFolderSpecial
                                                    • String ID: DiskDefrag$\DiskDefrag
                                                    • API String ID: 3813007343-1352560241
                                                    • Opcode ID: a2d3dbced54b8fdd5c0ae5b42ab46fad3f2ef9f23a5d0fc133a43e43219cb9af
                                                    • Instruction ID: 938fb3785b8e758ab9aa55aacaf13088161b2d62692eeac53cc892e3a5652775
                                                    • Opcode Fuzzy Hash: a2d3dbced54b8fdd5c0ae5b42ab46fad3f2ef9f23a5d0fc133a43e43219cb9af
                                                    • Instruction Fuzzy Hash: CE4195B16083019BD300EF65DD85AABB7E4FF98714F00453EF54AD2290EB349949CBAB
                                                    APIs
                                                      • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                      • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,00094658), ref: 0041DB8A
                                                    • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                      • Part of subcall function 0041AA20: SHGetFileInfoW.SHELL32(?,00000000,000002B4,000002B4,00004001), ref: 0041AA4D
                                                    • SendMessageW.USER32(?,00001214,00000004,00000000), ref: 00402B9F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: FileInfoMessageSend$DriveDrivesLogicalType
                                                    • String ID: 8F$C:\
                                                    • API String ID: 2359154852-3356063517
                                                    • Opcode ID: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                    • Instruction ID: 82d795afe4258906e57f36ef34ec2eb48dfa52df3f098ca2abc9abbdf1da0df4
                                                    • Opcode Fuzzy Hash: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                    • Instruction Fuzzy Hash: D541D6717443406BE324DF61DC86FAA73A4AB84B04F00492DF249AB2C1DBB4A545CB9A
                                                    APIs
                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                    • GetParent.USER32(?), ref: 00410AB3
                                                    • GetParent.USER32(?), ref: 00410AC5
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,00000000), ref: 00410AFA
                                                      • Part of subcall function 00414FD0: GetParent.USER32(?), ref: 00414FD4
                                                    • SendMessageW.USER32(?,0000108E,00000000,00000000), ref: 00410AE5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Parent$CriticalEnterMessageRedrawSectionSendWindow
                                                    • String ID: 8F
                                                    • API String ID: 1290606431-180763933
                                                    • Opcode ID: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                    • Instruction ID: 5206ba9288f2f952280e77a0a87cb2f91fe58ff6aeb235107940afbc2e9b071e
                                                    • Opcode Fuzzy Hash: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                    • Instruction Fuzzy Hash: 5631B1723087049BD320DF64DC81F9BB3A4FB98720F10461EE9498B780DB79E841CB9A
                                                    APIs
                                                    • GetDC.USER32(?), ref: 0040F162
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040F17A
                                                    • GetClientRect.USER32(?,?), ref: 0040F19B
                                                    • ReleaseDC.USER32(?,?), ref: 0040F210
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.2356587388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356667266.000000000047C000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356695827.0000000000496000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000547000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000555000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.0000000000567000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.2356716589.000000000059B000.00000002.00000001.01000000.00000003.sdmp
                                                    Similarity
                                                    • API ID: ClientMessageRectReleaseSend
                                                    • String ID: 8F
                                                    • API String ID: 1863454828-180763933
                                                    APIs
                                                    • GetDC.USER32(?), ref: 0041AADC
                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                    • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                    • ReleaseDC.USER32(?,?), ref: 0041AB37
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: ExtentMessagePoint32ReleaseSendText
                                                    • String ID: 8F
                                                    • API String ID: 3220701275-180763933
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Rect$Client$EventMouseTrack
                                                    • String ID:
                                                    • API String ID: 1879027383-0
                                                    APIs
                                                    • GetWindowRect.USER32(?,?), ref: 00416443
                                                    • InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                    • GetParent.USER32(?), ref: 00416467
                                                    • GetParent.USER32(?), ref: 0041647A
                                                    • InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Rect$Parent$InflateInvalidateWindow
                                                    • String ID:
                                                    • API String ID: 3567486610-0
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(00497DC0,00094B38,?,004658D6), ref: 0040122D
                                                    • EnterCriticalSection.KERNEL32(00497DC0), ref: 00401243
                                                    • GdiplusShutdown.GDIPLUS(00000000), ref: 0040124F
                                                    • LeaveCriticalSection.KERNEL32(00497DC0), ref: 00401263
                                                    • LeaveCriticalSection.KERNEL32(00497DC0), ref: 0040126A
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave$GdiplusShutdown
                                                    • String ID:
                                                    • API String ID: 3506214061-0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Back$GUBar::CDrawObjectFactory::CreateRectTextDraw$Text
                                                    • API String ID: 0-2901586747
                                                    APIs
                                                    • LoadBitmapW.USER32(00000000,0000008F), ref: 004020B8
                                                    • LoadBitmapW.USER32(00000000,0000008E), ref: 004020D8
                                                      • Part of subcall function 00402140: SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                      • Part of subcall function 00402140: SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                      • Part of subcall function 00402140: SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                      • Part of subcall function 00402140: LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                      • Part of subcall function 00402140: SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                      • Part of subcall function 00402A30: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                      • Part of subcall function 00402A30: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                    • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 00402121
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend$BitmapLoad$FileInfo
                                                    • String ID: 8F
                                                    • API String ID: 945603440-180763933
                                                    APIs
                                                    • KillTimer.USER32(?,00000001,00000000,3401029,0047D9D0,0047D9D0,0047D9D0,?,0041A424,00000000,00000005,?,00000066,00000000), ref: 004226F8
                                                    • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 0042271F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Timer$Kill
                                                    • String ID: 3401028$3401029
                                                    • API String ID: 3307318486-3858196228
                                                    APIs
                                                    • SetRectEmpty.USER32(0000000C), ref: 0040DE94
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: EmptyRect
                                                    • String ID: Button$CDoubleDraw$Default
                                                    • API String ID: 2270935405-580154339
                                                    APIs
                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402044$8F$CPUIdleTime
                                                    • API String ID: 3850602802-857541521
                                                    APIs
                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID: 3402045$8F$CPUUsageExceed
                                                    • API String ID: 3850602802-3685332712
                                                    APIs
                                                      • Part of subcall function 00401190: EnterCriticalSection.KERNEL32(00497DC0,00000000,?,?,?,?,?,004014CD,?,?), ref: 00401199
                                                      • Part of subcall function 00401190: GdiplusStartup.GDIPLUS(00497DBC,?,?,?,?,?,?,?,004014CD,?,?), ref: 004011CD
                                                      • Part of subcall function 00401190: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,004014CD,?,?), ref: 004011DD
                                                    • GdipCreateBitmapFromFile.GDIPLUS ref: 004014FA
                                                    • GdipDisposeImage.GDIPLUS(?), ref: 0040152C
                                                    • GdipDisposeImage.GDIPLUS(00000000), ref: 00401559
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Gdip$CriticalDisposeImageSection$BitmapCreateEnterFileFromGdiplusLeaveStartup
                                                    • String ID: >=
                                                    • API String ID: 1500692541-3263226258
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(?,00415169), ref: 004150B0
                                                    • LoadLibraryW.KERNEL32(?), ref: 004150C1
                                                    • GetProcAddress.KERNEL32(00000000,ImageList_Draw), ref: 004150DB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                    • String ID: ImageList_Draw
                                                    • API String ID: 310444273-2074868843
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(?,00403E46,?,?,BB40E64E), ref: 00403DA0
                                                    • LoadLibraryW.KERNEL32(?), ref: 00403DB1
                                                    • GetProcAddress.KERNEL32(00000000,ImageList_AddMasked), ref: 00403DCB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                    • String ID: ImageList_AddMasked
                                                    • API String ID: 310444273-822293376
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(?,00415319,?,?,BB40E64E,?,?,00000000,BB40E64E,?,BB40E64E,?,00000000,00000000), ref: 00415253
                                                    • LoadLibraryW.KERNEL32(?), ref: 00415264
                                                    • GetProcAddress.KERNEL32(00000000,ImageList_GetImageInfo), ref: 0041527E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                    • String ID: ImageList_GetImageInfo
                                                    • API String ID: 310444273-158344479
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(?,00415489,?,?,BB40E64E,?,?,00000000,004070E8,?,BB40E64E,?,00000000,00000000), ref: 004153D0
                                                    • LoadLibraryW.KERNEL32(?), ref: 004153E1
                                                    • GetProcAddress.KERNEL32(00000000,ImageList_GetImageCount), ref: 004153FB
                                                    Strings
                                                    • ImageList_GetImageCount, xrefs: 004153F5
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                    • String ID: ImageList_GetImageCount
                                                    • API String ID: 310444273-4246500564
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: AdjustPointer
                                                    • String ID:
                                                    • API String ID: 1740715915-0
                                                    APIs
                                                    • IsWindow.USER32(?), ref: 0041056D
                                                    • GetWindowRect.USER32(?,?), ref: 0041058D
                                                      • Part of subcall function 0041AA90: GetDC.USER32(?), ref: 0041AADC
                                                      • Part of subcall function 0041AA90: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                      • Part of subcall function 0041AA90: GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                      • Part of subcall function 0041AA90: ReleaseDC.USER32(?,?), ref: 0041AB37
                                                    • GetWindowRect.USER32(?,00000000), ref: 004105E2
                                                    • GetWindowRect.USER32(?,?), ref: 0041063B
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Window$Rect$ExtentMessagePoint32ReleaseSendText
                                                    • String ID:
                                                    • API String ID: 2970461787-0
                                                    APIs
                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 005FDEAD
                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005FDEC6
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.2344465848.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_5d0000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Value___vcrt_
                                                    • String ID:
                                                    • API String ID: 1426506684-0
                                                    APIs
                                                    • SendMessageW.USER32(00000000,00000401,00000000,00000000), ref: 004676B7
                                                    • SendMessageW.USER32(00000000,00000403,00000003,000001F4), ref: 004676CC
                                                    • SendMessageW.USER32(00000000,00000403,00000002,00001770), ref: 004676E1
                                                    • SendMessageW.USER32(00000000,00000418,00000000,00000190), ref: 004676F6
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    APIs
                                                    • GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                      • Part of subcall function 004197C0: CoInitialize.OLE32(00000000,BB40E64E,00094658,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004197EE
                                                      • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                      • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                    • GetDriveTypeW.KERNEL32(?,?,?,00094658), ref: 0041DB8A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CreateDriveDrivesInitializeInstanceLogicalTypeUninitialize
                                                    • String ID: C:\
                                                    • API String ID: 16435998-3404278061
                                                    APIs
                                                    • SendMessageW.USER32(00000000,00001206,00000000,?), ref: 0040FFA8
                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0040FFC7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: MessageRedrawSendWindow
                                                    • String ID: 8F
                                                    • API String ID: 1030633669-180763933
                                                    APIs
                                                    • RegOpenKeyW.ADVAPI32(?,SYSTEM\CurrentControlSet\services\BootDefrag), ref: 0041A7F7
                                                    • RegCloseKey.ADVAPI32 ref: 0041A811
                                                      • Part of subcall function 0041A820: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                      • Part of subcall function 0041A820: PathFileExistsW.SHLWAPI(?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                      • Part of subcall function 0041A820: #165.SHELL32(00000000,?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                    Strings
                                                    • SYSTEM\CurrentControlSet\services\BootDefrag, xrefs: 0041A7E5
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: Path$#165CloseExistsFileFolderOpenSpecial
                                                    • String ID: SYSTEM\CurrentControlSet\services\BootDefrag
                                                    • API String ID: 1591709053-3464295076
                                                    APIs
                                                    • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CompatibleCreateExchangeInterlocked
                                                    • String ID: }I
                                                    • API String ID: 1770991917-1906338323
                                                    APIs
                                                    • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 004012B2
                                                    • DeleteDC.GDI32(00000000), ref: 004012C4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: DeleteExchangeInterlocked
                                                    • String ID: }I
                                                    • API String ID: 1722977832-1906338323
                                                    APIs
                                                    • CreateMutexW.KERNEL32(00000000,00000000,{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}), ref: 0041A782
                                                    • GetLastError.KERNEL32 ref: 0041A793
                                                    Strings
                                                    • {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}, xrefs: 0041A779
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CreateErrorLastMutex
                                                    • String ID: {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}
                                                    • API String ID: 1925916568-1835452401
                                                    APIs
                                                    • CreateMutexW.KERNEL32(00000000,00000000,{4391F12D-936B-4037-9383-DCB800DF7B65}), ref: 0041A742
                                                    • GetLastError.KERNEL32 ref: 0041A753
                                                    Strings
                                                    • {4391F12D-936B-4037-9383-DCB800DF7B65}, xrefs: 0041A739
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.2356607955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_RXnQXC1eJa.jbxd
                                                    Similarity
                                                    • API ID: CreateErrorLastMutex
                                                    • String ID: {4391F12D-936B-4037-9383-DCB800DF7B65}
                                                    • API String ID: 1925916568-3123431990
                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 02BF0326
                                                      • Part of subcall function 02BF00A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02BF00CD
                                                      • Part of subcall function 02BF00A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02BF0279
                                                    • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 02BF0378
                                                    • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 02BF03E7
                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02BF0407
                                                    • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 02BF042E
                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02BF0456
                                                    • CloseHandle.KERNELBASE(?), ref: 02BF0471
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000003.2345154539.0000000002BF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_3_2bf0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                    • String ID: ,
                                                    • API String ID: 3867569247-3772416878
                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02BF00CD
                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02BF0279
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000003.2345154539.0000000002BF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_3_2bf0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Virtual$AllocFree
                                                    • String ID:
                                                    • API String ID: 2087232378-0

                                                    Execution Graph

                                                    Execution Coverage:33.4%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:24
                                                    Total number of Limit Nodes:0
                                                    execution_graph 415 1e47fc21cf4 417 1e47fc21d19 415->417 416 1e47fc21fa1 417->416 426 1e47fc215c0 417->426 419 1e47fc21f98 CloseHandle 419->416 420 1e47fc21f88 NtAcceptConnectPort 420->419 421 1e47fc21e3a 421->419 421->420 422 1e47fc21ecd 421->422 429 1e47fc20ac8 421->429 422->422 435 1e47fc21aa4 NtAcceptConnectPort 422->435 428 1e47fc215f4 NtAcceptConnectPort 426->428 428->421 430 1e47fc20c62 429->430 431 1e47fc20ae8 429->431 430->422 431->430 432 1e47fc20be8 NtAcceptConnectPort 431->432 432->430 433 1e47fc20c1b 432->433 433->430 434 1e47fc20c33 NtAcceptConnectPort 433->434 434->430 436 1e47fc21af7 435->436 437 1e47fc21c04 435->437 441 1e47fc21870 436->441 437->420 439 1e47fc21b10 440 1e47fc21bb6 NtAcceptConnectPort 439->440 440->437 443 1e47fc21889 441->443 442 1e47fc21949 442->439 443->442 444 1e47fc21930 GetProcessMitigationPolicy 443->444 444->442

                                                    Callgraph

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.2552341386.000001E47FC20000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001E47FC20000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_1e47fc20000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID: AcceptCloseConnectHandlePort
                                                    • String ID:
                                                    • API String ID: 3811980168-0

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.2552341386.000001E47FC20000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001E47FC20000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_1e47fc20000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID: AcceptConnectPort
                                                    • String ID:
                                                    • API String ID: 1658770261-0

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.2552341386.000001E47FC20000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001E47FC20000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_1e47fc20000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID: AcceptConnectPort$MitigationPolicyProcess
                                                    • String ID:
                                                    • API String ID: 2923266908-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 118 1e47fc215c0-1e47fc215f2 119 1e47fc215f4-1e47fc215f7 118->119 120 1e47fc215f9-1e47fc215fb 118->120 121 1e47fc2161f-1e47fc2166d NtAcceptConnectPort 119->121 122 1e47fc2160b-1e47fc2160d 120->122 123 1e47fc215fd-1e47fc21609 120->123 124 1e47fc2160f-1e47fc2161b 122->124 125 1e47fc2161d 122->125 123->121 124->121 125->121
                                                    APIs
                                                    • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,000001E47FC21E3A), ref: 000001E47FC21654
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.2552341386.000001E47FC20000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001E47FC20000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_1e47fc20000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID: AcceptConnectPort
                                                    • String ID:
                                                    • API String ID: 1658770261-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 95 1e47fc21870-1e47fc218a0 call 1e47fc208a4 * 2 100 1e47fc218a6-1e47fc218a9 95->100 101 1e47fc21954-1e47fc2195b 95->101 100->101 102 1e47fc218af-1e47fc218b9 100->102 102->101 103 1e47fc218bf-1e47fc218c4 102->103 103->101 104 1e47fc218ca-1e47fc218d7 103->104 104->101 105 1e47fc218d9-1e47fc218e1 104->105 105->101 106 1e47fc218e3-1e47fc218ee 105->106 106->101 107 1e47fc218f0-1e47fc218f7 106->107 107->101 108 1e47fc218f9-1e47fc218fc 107->108 108->101 109 1e47fc218fe-1e47fc21906 108->109 109->101 110 1e47fc21908-1e47fc2190b 109->110 110->101 111 1e47fc2190d-1e47fc21916 110->111 111->101 112 1e47fc21918-1e47fc2191c 111->112 112->101 113 1e47fc2191e-1e47fc2192e 112->113 113->101 115 1e47fc21930-1e47fc21947 GetProcessMitigationPolicy 113->115 115->101 116 1e47fc21949-1e47fc2194e 115->116 116->101 117 1e47fc21950-1e47fc21951 116->117 117->101
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.2552341386.000001E47FC20000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001E47FC20000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_1e47fc20000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID: MitigationPolicyProcess
                                                    • String ID:
                                                    • API String ID: 1088084561-0
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.2552341386.000001E47FC20000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001E47FC20000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_1e47fc20000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID: